Tuesday, February 05, 2008

WordPress Ships 'Urgent' Security Update

Ryan Naraine writes on eWeek:

A security hole in the XML-RPC implementation allows unauthorized third parties to edit WordPress-powered blogs.

Blogging software provider WordPress has shipped an "urgent" security update to fix an XML-RPC implementation flaw that allows unauthorized third-party editing of blog posts.

With WordPress 2.3.3, the open-source company patches a bug that could let attackers use specially crafted requests to edit posts of any other user on that blog. An attacker would need valid user credentials to edit posts by another user on the blog, WordPress said in an advisory.

More here.


Post a Comment

<< Home