[Update] WordPress 2.3.3

It’s time for another update. The WordPress 2.3.3 security update has been released. It fixes a new flaw which allows a user to edit posts of other users on that blog. This update is a must-have for blogs which accept registrations.

The super quick way to fix this flaw is to download an updated xmlrpc.php and replace the existing one. Alternatively, you can also get the entire release and update your copy of WordPress using the standard download, unzip, upload and replace approach.

They also talk about a vulnerability found in the WP-Forum plugin. When effectively exploited, the vulnerability enables malicious users to retrieve usernames, passwords, posts and email addresses. This flaw is in the WP-Forum plugin, not in WordPress itself. Even the latest version of the plugin includes this flaw, so it’s advisable to disable the plugin until a newer version is available.
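A way to check an install after either update path, as an added example that is not from the original post or from WordPress. Replacing only xmlrpc.php leaves the version string untouched, so the script compares the file against a reference copy you extracted from the 2.3.3 release; the `wp-forum` directory name and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not WordPress code. Assumptions: the version string is the
# $wp_version line in wp-includes/version.php; "wp-forum" is an assumed plugin
# directory name; REF is an xmlrpc.php you extracted from the 2.3.3 release.

# Print $wp_version for the install rooted at $1 (empty if not found).
wp_version() {
    sed -n 's/^[[:space:]]*\$wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 when dotted version $1 is lower than $2 (first three numeric parts).
version_lt() {
    local a="$1" b="$2" x y n=0
    while [ "$n" -lt 3 ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
        n=$((n + 1))
    done
    return 1
}

# audit_wp ROOT [REF]: returns 0 = nothing to do, 1 = action needed,
# 2 = ROOT does not look like a WordPress install.
audit_wp() {
    local root="$1" ref="${2:-}" ver rc=0
    ver=$(wp_version "$root")
    if [ -z "$ver" ]; then echo "$root: version.php not found"; return 2; fi
    if ! version_lt "$ver" 2.3.3; then
        echo "$root: $ver, core is 2.3.3 or later"
    elif [ -n "$ref" ] && cmp -s "$root/xmlrpc.php" "$ref"; then
        # Quick fix applied: version.php still reports the old number.
        echo "$root: $ver, xmlrpc.php matches the reference copy"
    else
        echo "$root: $ver, xmlrpc.php not updated"; rc=1
    fi
    if [ -d "$root/wp-content/plugins/wp-forum" ]; then
        echo "$root: WP-Forum found on disk, confirm it is deactivated"; rc=1
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_wp "$@"; fi
```

Run it as `audit_wp /path/to/blog /path/to/reference/xmlrpc.php`; a plugin directory on disk does not prove the plugin is active, so that finding is a prompt to check the Plugins screen.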

 

This post was published on February 6, 2008

About the Author: Thilak Rao works as a Social Media Expert. He is one of the first professional bloggers from India, and he loves to write, travel and click photos. Follow him on Twitter @thilak

  • http://www.codenamesearch.com/upcoming.php Rapidshare search

    Oh nooo, thank god it does not take long. Someone should come up with some sort of script checker/reminder.

  • http://green-flamingo.com Nathaniel

    Should I use this update? I haven’t updated W-P in a long time. I think it may be about time, but will it leave all my old memory intact?

  • http://tech-buzz.net Thilak

    Nathaniel: WordPress stores all posts, comments and all other data in a database. Upgrading WordPress won’t do any harm to your database. Have a backup of your database, just as a precaution.

  • http://www.rapidsharetools.com RapidMaster

    Thanks Thilak for the heads-up, WordPress is pretty vulnerable to hacking attacks, my blog recently got hacked, everybody on WordPress must upgrade ASAP.

  • http://abhisays.com Abhishek Kumar

    Oh, I have just updated my blog with 2.3.3. http://abhisays.com/wordpress/upgrade-your-blog-with-wordpress-232.html Now they have launched a new version. Once again I will have to update. But I believe WordPress should come with some hack-proof version, as all their releases in the past are vulnerable to hacking.

  • http://www.rapidsharetools.com RapidMaster

    Thilak, is this (xmlrpc.php) the only file updated in this release?

  • http://www.gadgets4nowt.co.uk Steve Elliott

    I’ve only ever used Blogger. Although I find it very user friendly, it certainly doesn’t look as good as many of the WordPress blogs I see.

    How easy is WordPress to use in comparison?