{"id":2812,"date":"2008-02-05T12:19:04","date_gmt":"2008-02-05T06:49:04","guid":{"rendered":"https:\/\/www.quickonlinetips.com\/archives\/2008\/02\/wordpress-233-urgent-security-release-for-xml-rpc-flaw\/"},"modified":"2020-04-01T16:43:52","modified_gmt":"2020-04-01T11:13:52","slug":"wordpress-233-urgent-security-release-for-xml-rpc-flaw","status":"publish","type":"post","link":"https:\/\/www.quickonlinetips.com\/archives\/2008\/02\/wordpress-233-urgent-security-release-for-xml-rpc-flaw\/","title":{"rendered":"WordPress 2.3.3 Urgent Security Release for XML-RPC Flaw"},"content":{"rendered":"

An urgent wordpress security release is out and its time to upgrade to WordPress 2.3.3<\/strong> again. This time its a flaw in XML-RPC<\/strong> implementation that could let people exploit your blog in malicious ways.<\/p>\n

The WordPress team announced<\/a> that they have found a flaw in XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.<\/span> Now that is really scary.<\/p>\n

WordPress 2.3.3 also fixed a few minor bugs<\/a>. They say if you are interested only in the security fix, download wordpress 2.3.3<\/a>. and after extracting the package, find the xmlrpc.php<\/span> file in the root directory and copy it over your existing xmlrpc.php. That’s the fastest way to fix the security problem without a full wordpress installation.<\/p>\n

They also point to a vulnerability in the WP-Forum plugin that is being actively exploited and if you are using this plugin, remove it until an update is available.<\/p>\n

Update<\/strong> – Once you only update xmlrpc.php, the wordpress alert keeps on bothering you repeatedly.<\/p>\n

\"Wordpress<\/p>\n

So I went around finding files which were updated since the last release. You can simply replace the changed files instead of a full install and stop the message.<\/p>\n

xmlrpc.php
\nwp-admin\/install-helper.php
\nwp-includes\/version.php
\nwp-includes\/gettext.php
\nwp-includes\/pluggable.php<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

An urgent wordpress security release is out and its time to upgrade to WordPress 2.3.3 again. This time its a…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[6,7],"tags":[17],"class_list":["post-2812","post","type-post","status-publish","format-standard","hentry","category-blogging","category-security","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts\/2812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/comments?post=2812"}],"version-history":[{"count":0,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts\/2812\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/media?parent=2812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/categories?post=2812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/tags?post=2812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}