WordPress 2.3.3 Security Release

WordPress.org Logo

The WordPress.org team has released an official update to WordPress dubbed 2.3.3. This update fixes a serious security flaw that was discovered within the XML-RPC implementation. By using this flaw, a specially crafted request would allow any valid user to edit posts of any other user on that blog.

The team also managed to place three bug fixes into the patch which can be viewed here. These types of releases for WordPress.org are serious. No, the world will not end if you do not upgrade. However, you are putting your site at an increased risk of being exploited. As was reported by me on WeblogToolsCollection.com, malicious users are in fact taking advantage of the flaws found within the WP-Forum plugin. If you are using WP-Forum, you are encouraged to disable the plugin until a security patch has been released.

Visit WordPress.org to see the complete details regarding this release.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s