WordPress 2.3.3 Urgent Update
A security flaw has been discovered in the XML-RPC implementation. XML-RPC is a spec and a set of implementations that allow software running on disparate operating systems and in different environments to make procedure calls over the Internet. The update fixes the flaw, which allows a user to edit posts in your blog by sending a specially crafted request. Enough with the technical details: if you are using WordPress and have user registration enabled, you should update your hosted WordPress. This will prevent registered users of your blog from editing your posts.
The update also includes some bug fixes:
- gettext fails to determine byte order on 64-bit systems with PHP 5.2.1
- some registration emails fail in 2.3.1 because of “callout verification”
- maybe_create_table call to config.php issue
WordPress also reported a vulnerability in the WP-Forum plugin that is being actively exploited right now. WP-Forum is a WordPress plugin that enables you to have a forum directly attached to your WordPress installation. If you are using this plugin, it is strongly recommended that you remove it until an update is available from its author.
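
To check an install against both recommendations above, the following added example (not part of the original post or of WordPress itself) reads the core version from `wp-includes/version.php` and looks for the plugin under `wp-content/plugins`. The on-disk plugin name `wp-forum` is an assumption, and the script does not check whether user registration is enabled, since that setting is stored in the database.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 3, 3)        # release the post says to update to
FORUM_NAME = "wp-forum"  # assumed on-disk name of the WP-Forum plugin

def parse_wp_version(php_source):
    """Extract $wp_version from version.php text as a 3-int tuple, or None."""
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", php_source)
    if not m:
        return None
    nums = re.findall(r"\d+", m.group(1).split("-")[0])  # ignore "-RC1" style suffixes
    if not nums:
        return None
    parts = [int(n) for n in nums[:3]]
    return tuple(parts + [0] * (3 - len(parts)))  # "2.3" -> (2, 3, 0)

def audit(root):
    """Return a list of findings for one WordPress install directory."""
    root = Path(root)
    findings = []
    try:
        text = (root / "wp-includes" / "version.php").read_text(errors="replace")
        version = parse_wp_version(text)
    except OSError:
        version = None
    if version is None:
        findings.append("core: version not readable, check manually")
    elif version < FIXED:
        findings.append("core: %s is older than 2.3.3, update" % ".".join(map(str, version)))
    plugins = root / "wp-content" / "plugins"
    if plugins.is_dir():
        for entry in sorted(plugins.iterdir()):
            # match the plugin folder or a single-file plugin, ignoring case
            if entry.name.lower() in (FORUM_NAME, FORUM_NAME + ".php"):
                findings.append("plugin: %s present, remove until fixed" % entry.name)
    return findings

if __name__ == "__main__":
    # Usage: python script.py /path/to/wordpress
    for line in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```

An empty result means the files on disk show a core version of 2.3.3 or later and no WP-Forum entry in the plugins directory.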