Serious Security Flaw: Upgrade Immediately

Today a serious security flaw in the current version of WordPress surfaced in the support forums. Basically, a user with login rights but not editing capabilities can edit any post using XML-RPC. A quick fix is to delete the xmlrpc.php file, although you should be aware that this will also keep your site from receiving pingbacks. WordPress 2.3.3 should be released shortly, so be sure to upgrade once it does.

You can see a proof of concept here.

UPDATE: WordPress 2.3.3 has been released, so I recommend that you upgrade as soon as possible.

Post a Comment

Your email is never published nor shared. Required fields are marked *