Feb
05
From the Wordpress blog
WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.
Emphasis mine. This isn’t that urgent, if you ask me. If you don’t trust users on your blog then they shouldn’t be on your blog. This won’t effect too many people, but still, it’s always worth upgrading and fixing any potential threats no matter how small a risk they are. Grab Wordpress 2.3.3 or the patched XML-RPC file if you don’t want to upgrade.
[Update]: This is more urgent than I thought for some people. I forgot that you can let people register on your blog to make comments! Those will be valid users as well and could exploit this bug. I don’t have user registration turned on, but I know a lot of people do so this is quite serious indeed. Upgrade ASAP.
About Chrispian
- My name is Chrispian and I have to thank my parents for the forward thinking that ensured the .com would be available to me when the time came. I'm a self employed web developer and have been working in the computer / internet field for almost 14 years now ... More About Me
Follow Me
- Flickr, Pownce, Twitter, LinkedIn, Facebook, Last.FM, MySpace, del.icio.us, Stumble Upon, Mahalo, YouTube
Twitter Updates
- RT @Bnpositive: Found a cool new way to quickly jump to my favorite websites in Firefox. http://lx.im/4QzJ #ad
- @andrewbadera love that song!!
- I'm at The Belmont in Austin, TX http://gowal.la/s/3Lz
- I'm at Mexican American Cultural Center in Austin, TX http://gowal.la/s/3KA
- I'm at Daddy's Grill and Bar in Austin, TX http://gowal.la/s/5iR
Flickr Pics
Wow :D It’s such a shame more people haven’t heard about this site, it covered what I needed to know!!!
December 21st, 2009 at 7:24 am