It’s time for another update. The WordPress 2.3.3 security update has been released. It fixes a new flaw that allows a user to edit posts of other users on that blog. This update is a must-have for blogs that accept registrations.
The super quick way to fix this flaw is to download an updated xmlrpc.php and replace the existing one. Alternatively, you can also get the entire release and update your copy of WordPress using the standard download, unzip, upload and replace approach.
They also talk about the vulnerability found in the WP-Forum plugin. When successfully exploited, it enables malicious users to retrieve usernames, passwords, posts and their email addresses. This flaw is in the WP-Forum plugin, not in WordPress itself. Even the latest version of the plugin includes this flaw, so it’s advisable to disable the plugin until a newer version is available.