Hey everyone, just a quick post letting you all know WordPress 2.3.3 has been released. According to WordPress.org, there was a flaw in their XML-RPC implementation, “such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.” WordPress 2.3.3 also fixes a few minor bugs, so it looks like it’ll be a good idea to upgrade.
If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can just download the whole release.
WordPress 2.3.3 – Full Version
Post Revisions:
- 5 August, 2010 @ 4:54 [Current Revision] by michael castilla
- 5 February, 2008 @ 5:50 by Ryan Imel
Posted February 5, 2008
Thássius V. said:
I’ve upgraded my WP using the WordPress Automatic Update plugin. Pretty easy!
on February 6, 2008 at 2:43 pm