ghacks Technology News

WordPress 2.3.3 Security Release


A new version of WordPress was released a few hours ago by the WordPress team. The update is considered critical and fixes a security vulnerability and some minor bugs. The security flaw was found in the XML-RPC implementation and allows any registered user to edit the comments of other users with a specially crafted request.

Webmasters have two choices for securing and updating their blogs. The first is the official update process described on the WordPress homepage, which involves downloading the full distribution and replacing the old files with it. A faster way, which webmasters with a lot of blogs will probably prefer, is to replace only xmlrpc.php with the updated file; this fixes the security vulnerability but leaves the minor bugs in place.

That’s probably the better solution if you have never encountered those bugs. They will be fixed automatically with the next big release of WordPress. Just make sure you fix at least the security vulnerability in xmlrpc.php.
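Replacing only xmlrpc.php leaves wp-includes/version.php untouched, so a blog fixed this way still reports its old version number and the version string cannot confirm the fix. The script below is an added example, not code from this post or from WordPress: it compares each install's xmlrpc.php with a reference copy that you take from the 2.3.3 distribution. The function names and the paths in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not WordPress code): check many installs for the updated xmlrpc.php.
# Usage: sh audit_xmlrpc.sh /path/to/reference/xmlrpc.php /var/www/blog1 /var/www/blog2 ...
# The reference file and the install paths are assumptions supplied by the operator.

# Print the version recorded in wp-includes/version.php, or "unknown".
wp_version() {
    v=$(sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null) || v=""
    echo "${v:-unknown}"
}

# Classify one install by comparing its xmlrpc.php byte-for-byte with the reference.
# PATCHED = identical, DIFFERS = older or locally modified, MISSING = file absent.
xmlrpc_status() {
    if [ ! -f "$2/xmlrpc.php" ]; then
        echo MISSING
    elif cmp -s "$1" "$2/xmlrpc.php"; then
        echo PATCHED
    else
        echo DIFFERS
    fi
}

# Report every install; return 0 only if all of them carry the reference file.
audit_xmlrpc() {
    ref=$1; shift
    [ -r "$ref" ] || { echo "cannot read reference file: $ref" >&2; return 2; }
    rc=0
    for dir in "$@"; do
        state=$(xmlrpc_status "$ref" "$dir")
        printf '%s\t%s\t%s\n' "$state" "$(wp_version "$dir")" "$dir"
        [ "$state" = PATCHED ] || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit_xmlrpc "$@"
fi
```

A copy whose line endings were altered during upload will show as DIFFERS even though it is the updated file, so re-upload it unmodified before treating that install as fixed.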




Categories: Online Services, The Web




5 Responses to “Wordpress 2.3.3 Security Release”

  1. Tysen says:

    The security flaw is described as “a specially crafted request would allow any valid user to edit posts of any other user on that blog.” What if you only have one user registered for a blog? Is it still a major security concern?



© 2005-2009 Ghacks.net. All Rights Reserved.