It’s time for another update. The WordPress 2.3.3 security update has been released. It fixes a new flaw that allows a user to edit the posts of other users on the same blog. This update is a must-have for blogs that accept registrations.
The super quick way to fix this flaw is to download an updated xmlrpc.php and replace the existing one. Alternatively, you can also get the entire release and update your copy of WordPress using the standard download, unzip, upload and replace approach.
They also talk about the vulnerability found in the WP-Forum plugin. When successfully exploited, the vulnerability enables malicious users to retrieve usernames, passwords, posts and email addresses. This flaw is in the WP-Forum plugin, not in WordPress itself. Even the latest version of the plugin includes this flaw, so it’s advisable to disable the plugin until a newer version is available.

wrote, on February 6th, 2008
Oh nooo, thank god it does not take long. Someone should come up with some sort of script checker/reminder.
wrote, on February 6th, 2008
Should I use this update? I haven’t updated W-P in a long time. I think it may be about time, but will it leave all my old memory intact?
wrote, on February 7th, 2008
Nathaniel: WordPress stores all posts, comments and all other data in a database. Upgrading WordPress won’t do any harm to your database. Have a backup of your database, just as a precaution.
wrote, on February 7th, 2008
Thanks Thilak for the heads-up. WordPress is pretty vulnerable to hacking attacks; my blog recently got hacked. Everybody on WordPress must upgrade ASAP.
wrote, on February 8th, 2008
Oh, I have just updated my blog with 2.3.3. http://abhisays.com/wordpress/.....s-232.html Now they have launched a new version. Once again I will have to update. But I believe WordPress should come with some hack-proof version, as all their releases in the past are vulnerable to hacking.
wrote, on February 8th, 2008
Thilak, is this (xmlrpc.php) the only file updated in this release?
wrote, on February 19th, 2008
I’ve only ever used Blogger. Although I find it very user friendly, it certainly doesn’t look as good as many of the WordPress blogs I see.
How easy is WordPress to use in comparison?