WordPress has released a quick security fix for its popular blogging platform. The new version, WordPress 2.3.3, is an urgent security release. According to the release announcement, a flaw was found in the XML-RPC implementation that could allow a user to edit posts of other users on that blog. This is a huge security issue, and WordPress has urgently requested everyone to upgrade to the newer version.
You can download WordPress 2.3.3 from here, and the upgrade instructions are here. The XML-RPC bug can be fixed by just replacing the existing xmlrpc.php with the newer xmlrpc.php from the WordPress 2.3.3 zip file. Besides the XML-RPC fix, three more fixes are included in the zip file:
- Trac 3780 gettext fails to determine byteorder on 64bit systems with php5.2.1
- Trac 5090 maybe_create_table call to config.php issue
- Trac 5273 some registration emails fail in 2.3.1 b/c of "callout verification"
Another flaw exists in the WP-Forum plugin, a very popular plugin used to create forums on the WordPress platform. The announcement advises users to remove the plugin and install a newer version whenever it is released. The developer of the plugin is working hard towards releasing a fix.