Feb 5 / kkrizka

WordPress 2.3.3 has been released as an update to the popular blogging software (that also powers this blog). It is recommended that all users upgrade, because a critical vulnerability was found. According to the release announcement, blogs with registration enabled are vulnerable to post editing and creation via the XML-RPC interface. XML-RPC is the protocol used to remotely update blogs, so it is quite common on most blogs.

The other fixed bugs include:

  • Trac 3780 gettext fails to determine byteorder on 64bit systems with php5.2.1
  • Trac 5090 maybe_create_table call to config.php issue
  • Trac 5273 some registration emails fail in 2.3.1 b/c of “callout verification”

To upgrade, WordPress included the following instructions, but I recommend using one of the automatic WordPress upgrade plugins, like the WordPress Automatic Upgrade plugin, because it makes the whole process faster.

If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.
