Rappy (Veteran), posted February 6, 2008

As most will know if you log into your blog using WordPress, there's an update, but in case you don't...

WordPress 2.3.3 is an urgent security release. If you have registration enabled, a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you're updating WP and your plugins, consider refreshing your passwords.

[Download]

blackice912 (Veteran), posted February 6, 2008

Thanks (Y). Fix applied.

bangbang023 (Veteran), posted February 6, 2008

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

Rappy (Author, Veteran), posted February 6, 2008

> Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

:| Would people go that low to do stuff like that? I update all the time now; never used to update with the small fixes.

bangbang023 (Veteran), posted February 6, 2008

> :| Would people go that low to do stuff like that? I update all the time now; never used to update with the small fixes.

Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

zeroday, posted February 6, 2008

Thanks for the info. Is there a changed files link?

Echilon, posted February 6, 2008

> Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit. Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get a massive amount of traffic, but at least 10% is people trying exploits.

bangbang023 (Veteran), posted February 6, 2008

> I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get a massive amount of traffic, but at least 10% is people trying exploits.

I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Creamy, posted February 6, 2008

> I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Sometimes you see yourself as a kindergarten employee, don't you..? :p I'm sure I would..

Wannes, posted February 6, 2008

Thanks for the information. Updated my son's blog while I was at it.

lnmnky, posted February 6, 2008

Cheers, I installed this to make it a little easier...

http://www.zirona.com/software/wordpress-instant-upgrade/

Works really well, especially if you don't always have access to download+ftp facilities.

Creamy, posted February 6, 2008

> Cheers, I installed this to make it a little easier... http://www.zirona.com/software/wordpress-instant-upgrade/ Works really well, especially if you don't always have access to download+ftp facilities.

Yeah, been using it for a while now! (Y)

sundayx (Veteran), posted February 6, 2008

Is that automatic upgrade process reliable... unless WordPress got rights to it and licenced it under its own future releases, I won't be relying on a plugin for upgrading. A hassle, yes.

Wannes, posted February 6, 2008

I don't mind the upgrade process actually, and I find it "scary" to use a plug-in for updating. This will need you to CHMOD your files to 0777, no?

lnmnky, posted February 6, 2008

> Is that automatic upgrade process reliable... unless WordPress got rights to it and licenced it under its own future releases, I won't be relying on a plugin for upgrading. A hassle, yes.

Well, it just downloads the latest zip file and extracts it over the directory. It does the same thing as I would do over FTP. So I don't see how it can go wrong. (Or more wrong than me doing it) :p

soothsayer, posted February 7, 2008

> Thanks for the info. Is there a changed files link?

http://trac.wordpress.org/changeset?old_pa....3&new=6744

Scroll to the bottom and download the zip archive. :)

zeroday, posted February 7, 2008

Thanks.