If you haven’t read or seen the announcement on your WP Dashboard, several hours ago the WordPress Development team released WordPress 2.3.3 as an urgent security release. They found a flaw in the XML-RPC implementation that allowed a valid user to edit posts of a different user on that blog via a specially crafted request. Aside from this issue, WP 2.3.3 also fixes these minor bugs:
- gettext fails to determine byteorder on 64bit systems with php5.2.1
- some registration emails fail in 2.3.1 b/c of “callout verification”
- maybe_create_table call to config.php issue
Doing the full upgrade is the better option, but if you don’t have the time to upgrade your WordPress installation and just want to be safe, all you need to do is download the fixed version of xmlrpc.php and replace the existing one in your WordPress folder.
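A file-only fix leaves the version number reported by the install unchanged, so a version check alone cannot tell a patched 2.3.2 from an unpatched one. The following is an added example, not code from this post or from WordPress: it classifies an install by reading `$wp_version` from `wp-includes/version.php` and, for older versions, comparing the live `xmlrpc.php` with the fixed copy you downloaded. The function names and the demo trees built by `make_site` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

FIXED_RELEASE = (2, 3, 3)  # the release named in the post

def installed_version(wp_root):
    """Parse $wp_version from wp-includes/version.php; None if unreadable."""
    try:
        text = (Path(wp_root) / "wp-includes" / "version.php").read_text(errors="replace")
    except OSError:
        return None
    m = re.search(r"\$wp_version\s*=\s*['\"](\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit(wp_root, fixed_xmlrpc):
    """Classify an install: 'upgraded', 'file-patched', 'outdated' or 'unknown'."""
    version = installed_version(wp_root)
    if version is None:
        return "unknown"
    if version >= FIXED_RELEASE:
        return "upgraded"
    # A file-only fix leaves version.php untouched, so compare xmlrpc.php
    # (via SHA-256) with the fixed copy the administrator downloaded.
    live = Path(wp_root) / "xmlrpc.php"
    if live.is_file() and sha256(live) == sha256(fixed_xmlrpc):
        return "file-patched"
    return "outdated"

def make_site(base, name, version, xmlrpc_body):
    """Build a constructed WordPress-like tree for the demo (not real WP code)."""
    root = Path(base) / name
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
    (root / "xmlrpc.php").write_text(xmlrpc_body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        fixed = Path(tmp) / "xmlrpc-fixed.php"
        fixed.write_text("<?php // constructed stand-in for the fixed file\n")
        for name, ver, body in [("a", "2.3.3", fixed.read_text()),
                                ("b", "2.3.2", fixed.read_text()),
                                ("c", "2.3.2", "<?php // constructed old file\n")]:
            print(name, audit(make_site(tmp, name, ver, body), fixed))
```

In real use, pass your WordPress folder and the path of the downloaded fixed `xmlrpc.php` to `audit()`; any local edit to the live file will show up as `outdated`, which is the safe direction to err in.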
An additional warning has been issued regarding the WP Forum plugin, which contains a vulnerability that is still being actively exploited. If you’re running this plugin, it is strongly advised that you remove it until an updated version is made available.
Have you updated your WordPress installation already? Did you experience any conflicts and/or issues during and after the upgrade process? Please share your thoughts by leaving a comment below.