WordPress have just launched a new security release, version 2.3.3. It’s recommended that you upgrade immediately to the new version. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

The absolute easiest way to upgrade your WordPress installation is to use the WordPress Automatic Upgrade plugin. It takes care of everything and all you have to do is click a few buttons. Database backup, downloading the latest version, cleaning up the installation files, everything done with just a few clicks. You can upgrade 10 blogs in 10 minutes with this plugin installed.

This entry was posted on Tuesday, February 5th, 2008 at 6:54 pm in WordPress News.