WordPress releases urgent security update

Posted Feb 5th 2008 6:30PM by Christina Warren
Filed under: Security, Blogging

WordPress users might have noticed an upgrade notification in their Dashboard's today. This version, dubbed WordPress 2.3.3, has been released as an urgent security update.

The problem? Well for blogs with registration enabled, a hole in the XML-RPC implementation was found that could allow a user to edit the posts of other users on that blog.

The WordPress team has two update solutions. If you just want to update the xmlrpc.php file, you can download it here and import it directly to your main WordPress directory (overwriting the file that is in its place now). If you want the full 2.3.3 update, which includes a few minor bug fixes in addition to the XML-RPC exploit, download it here and follow the usual upgrade protocol.

Additionally, if you use the WP-Forum plugin, be aware that it is being actively exploited as a target for SQL injections. Please disable and delete the plugin until a fix is released.

Tags: security update, SecurityUpdate, wordpress

• Read
• Permalink
• Email this
• Share
• Comments [1]

Related Headlines

• Acquia: Commercially supported Drupal (7 days ago - 4 Comments)
• Automattic buys Intense Debate, better Wordpress comments coming soon (14 days ago - 0 Comments)
• Disqus launches improved Wordpress plugin, now SEO-friendly (56 days ago - 0 Comments)

Reader Comments (Page 1 of 1)

1

2-05-2008 @ 7:18PM

Robert H said...

*phew* I thought I might have been abducted by aliens and started posting ads for online poker in my blog. Glad to know it was just a bug that they have fixed :)

Reply

View Posts By

Categories

Audio (873)

Beta (363)

Blogging (713)

Browsers (83)

Business (1386)

Design (833)

Developer (945)

E-mail (532)

Finance (129)

Fun (1816)

Games (581)

Internet (5008)

Kids (140)

Office (511)

OS Updates (594)

P2P (185)

Photo (477)

Podcasting (169)

Productivity (1374)

Search (291)

Security (554)

Social Software (1149)

Text (443)

Troubleshooting (53)

Utilities (2030)

Video (1065)

VoIP (141)

web 2.0 (826)

Web services (3438)

Companies

Adobe (189)

AOL (53)

Apache Foundation (1)

Apple (486)

Canonical (36)

Google (1353)

IBM (30)

Microsoft (1339)

Mozilla (481)

Novell (20)

OpenOffice.org (45)

PalmSource (12)

Red Hat (17)

Symantec (14)

Yahoo! (360)

License

Commercial (694)

Shareware (197)

Freeware (2097)

Open Source (944)

Misc

Podcasts (14)

Features (397)

Hardware (167)

News (1139)

Holiday Gift Guide (15)

Platforms

Web (0)

Mobile (0)

Windows (3759)

Windows Mobile (436)

BlackBerry (46)

Macintosh (2134)

iPhone (106)

Linux (1638)

Unix (79)

Palm (177)

Symbian (124)

Columns

Ask DLS (11)

Analysis (35)

Browser Tips (299)

DLS Podcast (6)

Googleholic (206)

How-Tos (105)

DLS Interviews (19)

Design Tips (15)

Mobile Minute (136)

Mods (68)

Time-Wasters (409)

Weekend Review (40)

Imaging Tips (32)

RESOURCES

• Send us news tips
• Contact Us
• Advertise
• Corrections?
• Problems?

RSS NEWSFEEDS

• 
• Feeds by category

Sponsored Links

Advertise with Download Squad

Most Commented On (60 days)

• Windows XP gets another stay of execution (26)
• The one thing I hate about Linux (26)
• 24 Great Open Source Apps for Admins & Technicians (20)
• Microsoft begins rolling out Hotmail redesign (15)
• StumbleUpon relaunches: No browser toolbar necessary (11)
• So your web host is retiring: How to back-up and move forward (10)
• The Ten Blogging Commandments: Thou shalt not linkbait (10)
• Open source Synkron does killer cross-platform synchronization (9)
• Livestation adds more TV channels, Linux and Mac clients (9)
• Weird Al Yankovic: Download my songs as soon as I record them (9)

Recent Comments

• politico on Hulu to stream presidential debates live
• Michael Hill on Jason's Favorite Windows apps: MindManager
• Superevil on Emerge Desktop provides a cleaner Windows desktop
• Yazan on Jason's Favorite Windows apps: Evernote
• michas_pi on Stop drunk-emailing! Put on your Mail Goggles.
• dukeman on Jason's Favorite Windows apps: MindManager
• Roc on 5 Free Apps to Clone Your Hard Drive
• Sleepydude on Jason's Favorite Windows apps: FeedDemon
• Mark on Emerge Desktop provides a cleaner Windows desktop
• JohnnyL on Emerge Desktop provides a cleaner Windows desktop

Urlesque Headlines

• Marvel Comics Calls Vegans Lame Aliens Bent on Cowardly World Conquest
• Overweight, Unclassified Space Objects
• Election Blingee Makes Palin and Obama Sparkle, But McCain Sizzles (Like the Devil)
• Erin Moran Still 'Happy'
• Girls With Mustaches

BloggingStocks Tech Coverage

• AAPL Apple Inc
• ADBE Adobe Systems
• AKAM Akamai Technologies
• AMZN Amazon
• CSCO Cisco Systems
• DELL Dell
• EBAY eBay
• GOOG Google
• INTC Intel
• INTU Intuit Inc
• JAVA Sun Microsystems
• MOT Motorola
• MSFT Microsoft
• NOK Nokia Corp
• ORCL Oracle Corp
• PALM Palm Inc
• RHT Red Hat Inc
• RIMM Research in Motion
• SYMC Symantec Corp
• TWX AOL Time Warner
• YHOO Yahoo!

More Tech Coverage

• Control Shift It's all about the experience
• Somewhat Frank Perspectives on tech as it fuses in everyday life
• Switched Gadgets, web news and commentary
• Urlesque Exposing bits of the web

All contents copyright © 2003-2008, Weblogs, Inc. All rights reserved

Download Squad is a member of the Weblogs, Inc. Network. Privacy Policy, Terms of Service, Notify AOL