Wordpress has issued an urgent security release of WordPress 2.3.3 in response to a bug that impacts blogs that have registration enabled. From the Wordpress site…
 |
WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.
Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author. Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords. |
Make sure to update your Wordpress install if you haven’t already done so.
I run a few wordpress blogs luckily this is only a small fix and doesnt require any major changes, nor does it create any plugin issues.
Good job wordpress for getting the fix out!
I generally avoid upgrading to every single wp upgrade. But it seems to be must.
If you’re a fairly proficient PHP programmer you can generally apply the security patches and upgrades manually.
I’m currently working with several Wordpress installs, each with various degrees of modification and customization. WP is a very friendly “open source” project which makes “hacks” something almost all blogger/programmers experiment with and once you’ve “hacked” your software, an auto-upgrade could cause unwanted results.