Trash Dispatch: Wordpress Blogs Security Warning!
A security flaw has been found in the new 2.2 release of the Wordpress Blog application used by Millions of online bloggers. The security flaw was found in the XML-RPC implementation of the script, and allows Registered Users to edit the post of Other users.
.
Also: Wordpress blogs using the WP-Forums Plug-in being Exploited!
from Technorati:
“Technorati has seen a number of blogs exploited by a recently announced WordPress vulnerability. The fix for it is simple: upgrade your installation or patch it. If you’re running a WordPress installation, please read about the WordPress 2.3.3. release to review your options.” [link]
from Wordpress.org
WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of
xmlrpc.phpand copy it over your existingxmlrpc.php. Otherwise, you can get the entire release here.Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.
Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords. [link]
.
Patch or Upgrade your installation NOW!!!
0 comments:
Post a Comment