WordPress version 2.3.3 has been released today to fix security issues in the XML-RPC implementation, as well as a vulnerability in the WP-Forum plugin. According to the WP post, a specially crafted XML-RPC request can be made that allows one user to update the post of another user. Here is the full list of fixes in the new version.
- Fixed a flaw in the XML-RPC implementation. You can update the XML-RPC file without updating WordPress immediately: just download the updated XML-RPC file and overwrite the old file in your existing installation with it.
- A vulnerability was discovered in the WP-Forum plugin that malicious users can exploit to conduct SQL injection attacks. WP recommends removing this plugin until a new release.
- Fixed a function in wp-includes/gettext.php that failed to determine the correct byte order on FreeBSD6.2-amd64.
- Fixed a problem with emails sent to certain addresses.
- Fixed an issue with the maybe_create_table function using a full path definition of the location of the wp-config.php file.