WordPress releases urgent shield update

February 05th, 2008 | Category: Web Services

Filed under: ,

WordPress users might have noticed an upgrade notification in their Dashboard’s nowadays. that version, dubbed WordPress 2.3.3, has been released as an urgent shield update.

The problem? Well for blogs with registration enabled, a gap in the XML-RPC implementation was found that could allow a user to edit the posts of other users on that blog.

The WordPress team has two update solutions. whether you just want to update the xmlrpc.php file, you can download it here and import it directly to your main WordPress directory (overwriting the file

that is in its place now). whether you want the full 2.3.3 update, which includes a few minor bug fixes in addition to the XML-RPC exploit, download it here and follow the usual upgrade protocol.

Additionally, whether you use the WP-Forum plugin, be aware that it is being actively exploited as a target for SQL injections. Please disable and delete the plugin until a fix is released.

Read | Permalink | Email this | Comments

Original post by Christina Warren

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Fark
  • Furl
  • Netscape
  • NewsVine
  • StumbleUpon
Related Articles
  • Wordpress 2.3.2 released to squash “Urgent” bug, adds a new feature
  • WordPress 2.5.1 defense update
  • Apple releases Mac OS X Leopard 10.5.1 defense Update
  • Apple releases safety degree Update 2008-005 for Mac OS X
  • Apple releases Leopard 10.5.4 update

    • No comments yet. Be the first.

    Leave a reply