WordPress 2.3.3 security release to fix XMLRPC vulnerabilities

WordPress 2.3.3 has been released as an urgent security release. The WordPress blog says that this release is mainly to fix vulnerabilities in XML-RPC.
This vulnerability could let attackers maliciously alter posts in your blog through well-constructed requests. WordPress 2.3.3 also fixes a few other bugs.

The files that have changed in WordPress 2.3.3 (compared with the earlier version, WordPress 2.3.2) are:

  • wp-includes/version.php
  • wp-includes/pluggable.php
  • wp-includes/gettext.php
  • wp-admin/install-helper.php
  • xmlrpc.php

If you want to fix only the vulnerability in XML-RPC, you can download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php.
Otherwise, you can download WordPress 2.3.3 and replace only the aforementioned files.
Not sure how many more urgent security releases WordPress will have to make in the future.
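One way to carry out the replace-only-the-changed-files approach described above without leaving the site on a mix of old and new code. This is an added example, not part of the original post or of WordPress; the function name, the directory arguments and the backup location are assumptions.

```shell
#!/bin/sh
# Files the post lists as changed between WordPress 2.3.2 and 2.3.3.
CHANGED_FILES="wp-includes/version.php
wp-includes/pluggable.php
wp-includes/gettext.php
wp-admin/install-helper.php
xmlrpc.php"

# apply_233_files SITE_DIR RELEASE_DIR   (hypothetical helper)
# Backs up each listed file that differs, copies the release copy over it,
# and verifies the result byte-for-byte. Returns non-zero on any failure.
apply_233_files() {
    site=${1%/}; release=${2%/}
    # Assumed backup location: a sibling of the site directory, so the old
    # (vulnerable) PHP files are not left reachable under the web root.
    backup="$site.pre-2.3.3-backup"
    [ -d "$site" ] && [ -d "$release" ] || { echo "missing directory" >&2; return 2; }

    # Refuse to start unless the release tree has every file: a partial
    # copy would leave the site running mixed 2.3.2 and 2.3.3 code.
    for f in $CHANGED_FILES; do
        [ -f "$release/$f" ] || { echo "release lacks $f" >&2; return 2; }
    done

    for f in $CHANGED_FILES; do
        if [ -f "$site/$f" ] && cmp -s "$release/$f" "$site/$f"; then
            echo "unchanged: $f"
            continue
        fi
        d=$(dirname "$f")
        mkdir -p "$backup" "$backup/$d" "$site/$d" || return 1
        if [ -f "$site/$f" ]; then
            cp -p "$site/$f" "$backup/$f" || return 1
        fi
        cp "$release/$f" "$site/$f" || return 1
        cmp -s "$release/$f" "$site/$f" || { echo "verify failed: $f" >&2; return 1; }
        echo "replaced:  $f"
    done
}

# Usage (both paths are examples): apply_233_files /var/www/blog /tmp/wordpress
```

Running it a second time should report every file as unchanged, which doubles as a check that all five files match the 2.3.3 release.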

2 comments on “WordPress 2.3.3 security release to fix XMLRPC vulnerabilities”

  1. I am so resistant to upgrading WordPress. I wonder what's wrong with the WordPress guys, so many security releases and that too so fast. I think WordPress is not working properly over the release and no beta testing


  2. Also consider using a LockDown plugin to protect your blog from Brute force attack.
