Pressed Words » XML-RPC http://pressedwords.com News and commentary about all things WordPress Thu, 11 Jun 2009 03:54:22 +0000 en-US hourly 1 http://wordpress.org/?v=4.1 Serious Security Flaw: Upgrade Immediately http://pressedwords.com/serious-security-flaw-upgrade-immediately/ http://pressedwords.com/serious-security-flaw-upgrade-immediately/#comments Sun, 03 Feb 2008 05:04:44 +0000 http://pressedwords.com/serious-security-flaw-upgrade-immediately/ Today a serious security flaw in the current version of WordPress surfaced in the support forums. Basically, a user with login rights but not editing capabilities can edit any post using XML-RPC. A quick fix is to delete the xmlrpc.php file, although you should be aware that this will also keep your site from receiving pingbacks. WordPress 2.3.3 should be released shortly, so be sure to upgrade once it does.

You can see a proof of concept here.

UPDATE: WordPress 2.3.3 has been released, so I recommend that you upgrade as soon as possible.

]]> http://pressedwords.com/serious-security-flaw-upgrade-immediately/feed/ 0