WordPress Ships 'Urgent' Security Update | eWeek

WordPress Ships ‘Urgent’ Security Update

Écrit par
Ryan Naraine
Ryan Naraine
Feb 5, 2008
1 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Blogging software provider WordPress has shipped an “urgent” security update to fix an XML-RPC implementation flaw that allows unauthorized third-party editing of blog posts.

With WordPress 2.3.3, the open-source company patches a bug that could let attackers use specially crafted requests to edit posts of any other user on that blog. An attacker would need valid user credentials to edit posts by another user on the blog, WordPress said in an advisory.
“If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php [file],” the company said.
The new version of WordPress, which is widely deployed on several high-profile blog networks, is available here.
Separately, WordPress notified users of a serious-still unpatched-vulnerability in the WP-Forum plug-in that could lead to SQL injection attacks against databases.
The WP-Forum plug-in bug “is being actively exploited right now,” the company warned, urging users to remove the vulnerable plug-in until an update is available.
This vulnerability, rated “moderately critical” by Secunia, allows a malicious hacker to “retrieve user names, password hashes and e-mail addresses” for all users on a compromised blog, including administrators.
The WordPress developer team also urged bloggers to use strong passwords on all accounts and to consider changing those passwords regularly.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.