WordPress 2.3.3 version has been released today to fix security issues in XML-RPC implementation as well as vulnerability in the WP-Forum plugin. According to WP post, an special xml-rpc request can be made that allow one user to update post of another user. Here is full list of fixes in new version.

  • Fixed flaw in XML-RPC implementation. you can update XML-RPC file without updating wordpress immediately. You just need to download updated xml-rpc file and overwrite new file in your existing installation.
  • Discovered a vulnerability within this WP-Forum plugin that can be exploited by malicious users to conduct SQL injection attacks. WP recommend to remove this plug-in until new release.
  • Fixed a function in wp-includes/gettext.php that fails to determine the correct byteorder on FreeBSD6.2-amd64.
  • Fixed emails sent problem to certain addresses.
  • Fixed issue with maybe_create_table function using a full path definition of the location of the wp-config.php file.

Upgrade with latest WordPress Release

Written by Bala Krishna

Bala Krishna is web developer and occasional blogger from Bhopal, MP, India. He like to share idea, issue he face while working with the code.