WordPress 2.3.3 Security Release

The WordPress 2.3.3 security release is out to the public, addressing a security issue and some minor fixes. The vulnerability allows a user to edit the posts of any other user of a WordPress blog. According to the WordPress Development Blog:

A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs.

They also mentioned a vulnerability in the WP-Forum plugin:

Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a page with the “” tag) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Be sure to patch your WordPress blogs, and check the plug-ins installed on your blog regularly. Better safe than sorry.
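
For the WP-Forum issue quoted above, one way to check whether a blog has received suspicious requests is to scan the web server access log for `forumaction=showprofile` requests whose `user` parameter is not a plain number. This is an added example, not code from WordPress or WP-Forum; it assumes a combined-format access log and that legitimate profile links carry a numeric user id, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_showprofile(line):
    """Return the decoded 'user' value if the request is a showprofile call
    whose 'user' parameter is not a plain integer, else None.
    Assumption: legitimate profile links carry a numeric user id."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # keep_blank_values=True so an empty user= is inspected, not dropped
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "showprofile" not in params.get("forumaction", []):
        return None
    for value in params.get("user", []):
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Yield (client_ip, decoded_user_value) for every flagged log line."""
    for line in lines:
        value = suspicious_showprofile(line)
        if value is not None:  # an empty string is still a finding
            yield line.split(" ", 1)[0], value

# Constructed sample log lines (not real traffic; documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2008:10:00:01 +0000] "GET /index.php?page_id=2&forumaction=showprofile&user=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Feb/2008:10:00:09 +0000] "GET /index.php?page_id=2&forumaction=showprofile&user=3%27 HTTP/1.1" 200 812',
    '192.0.2.10 - - [10/Feb/2008:10:00:15 +0000] "GET /index.php?p=12 HTTP/1.1" 200 7300',
    '203.0.113.5 - - [10/Feb/2008:10:01:02 +0000] "GET /index.php?forumaction=showprofile&page_id=2&user= HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: non-numeric user parameter {value!r}")
```

A hit only means a request deserves a closer look; it does not show that the plugin was installed or that a query was actually altered.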
