05
Feb
stored in: News
If you are using WordPress 2.3.2 and have registration enabled, pay attention. A flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. 2.3.3 also fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.
Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.
