WordPress 2.3.3



If you haven’t read or seen the announcement on your WP Dashboard, several hours ago the WordPress Development team released WordPress 2.3.3 as an urgent security release. They found a flaw in the way XML-RPC was implemented and that it allowed a valid user to edit posts of a different user on that blog via a well designed request. Aside from this issue, WP 2.3.3 also these minor bugs:

  • gettext fails to determine byteorder on 64bit systems with php5.2.1
  • some registration emails fail in 2.3.1 b/c of “callout verification”
  • maybe_create_table call to config.php issue

Doing the full upgrade is good but if you don’t have the time to upgrade your WordPress installation and just want to be safe, all you need to do is download the fixed version of the xmlrpc.php and replace the existing one in your WordPress folder.

An additional warning is issued regarding the WP Forum plugin which contains a vulnerability that is still actively exploited. If you’re running this plugin, it is strongly advised that you remove it until an updated version is made available.

Have you updated your WordPress installation already? Did you experience any conflicts and/or issues during and after the upgrade process? Please share your thoughts by leaving a comment below.


Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

10 Comments

  1. JP Habaradas

    February 12, 2008 at 12:38 PM

    @sasha – You’re welcome! :)

  2. sasha

    February 12, 2008 at 12:52 AM

    the information is really useful! Thanks!

  3. JP Habaradas

    February 7, 2008 at 11:55 PM

    @estan – If you don’t have time to do the full upgrade, you can just download the fixed xmlrpc.php file and overwrite the old one. That shouldn’t take more than a couple minutes of your time. :D

  4. estan

    February 7, 2008 at 11:51 PM

    well, i’m pressed for time right now. but thanx for this info.

    estan’s last blog post..The stunning cascades of Aliwagwag Falls

  5. JP Habaradas

    February 6, 2008 at 8:35 AM

    @K – It’s all good! As I mentioned in my post, doing the complete upgrade is good but not compulsary because the flaw is found only in the xmlrpc.php file. At least you learned a lesson about reading instructions carefully and about changing passwords, right? Next time, you’ll know what to do. :D

  6. K

    February 6, 2008 at 8:34 AM

    I’m so engot talaga. I actually updated the whole wp files. COMPLETE. I didn’t read carefully, isa lang pala kailangan. Sometimes this upgrade is confusing and not clear to me, wordpress should list down what file and how-to instructions so it’s easy for everyone. Pero, ok lang at least it gives me the idea na we should change our password every often.

    K’s last blog post..Lucky is the home with a plant that blooms on New Year’s Day

  7. JP Habaradas

    February 5, 2008 at 4:00 PM

    @jhay – Really? How many blogs did you upgrade last night? Upgrading a WordPress installation is fun but when you have multiple blogs to maintain, it can be very time consuming. Having a fast Internet connection helps in speeding up the upgrade process. :)

  8. jhay

    February 5, 2008 at 2:59 PM

    I just upgraded all my blogs last night. It was a marathon upgrade session really. :mrgreen:

    jhay’s last blog post..First ever TEAM ATENEO-LA SALLE T-shirt now available

  9. JP Habaradas

    February 5, 2008 at 12:20 PM

    @deric – You’re welcome! Glad to be of help. I see that you’re using Windows Live Writer. I’ve tried it but I just can’t seem to get used to it. I dunno why. Probably coz I want to have full control of how I compose my posts and the way they’re formatted. :D

    Btw, how long have you been using Windows Live Writer? Do you use it all the time or only for the nursing site?

  10. deric

    February 5, 2008 at 12:19 PM

    thanks Jaypee for highlighting the issue about xml-rpc. That file is essential for my windows live writer to connect to my nursing site. It’s good to know that they’d fix the flaw already. :mrgreen:

    deric’s last blog post..FINAL: Nursing Board Licensure Exam Results for December 2007

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.