Archived

This topic is now archived and is closed to further replies.

Wordpress 2.3.3

Recommended Posts

Damo R.    29,655

As most will know if you log into your blog using Wordpress that theres an update but incase you don't...

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you?re updating WP and your plugins, consider refreshing your passwords.

[Download[/b]b>]

Share this post


Link to post
Share on other sites
blackice912    0

Thanks (Y). Fix applied.

Share this post


Link to post
Share on other sites
bangbang023    30

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

Share this post


Link to post
Share on other sites
Damo R.    29,655
Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

:|

Would people that low to do stuff like that?

I update all the time now never used to update with the small fixes.

Share this post


Link to post
Share on other sites
bangbang023    30
:|

Would people that low to do stuff like that?

I update all the time now never used to update with the small fixes.

Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

Share this post


Link to post
Share on other sites
zeroday    19

Thanks for the info.

Is there a changed files link?

Share this post


Link to post
Share on other sites
Echilon    1
Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get massive amount of traffic, but at least 10% is people trying exploits.

Share this post


Link to post
Share on other sites
bangbang023    30
I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get massive amount of traffic, but at least 10% is people trying exploits.

I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Share this post


Link to post
Share on other sites
Creamy    1
I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Sometimes you see yourself as a kindergarten employee, don't you..? :p

I'm sure I would..

Share this post


Link to post
Share on other sites
Wannes    32

Thanks for the information. Updated my son's blog while I was at it.

Share this post


Link to post
Share on other sites
Jacky L.    126

Is that automatic upgrade process reliable... unless Wordpress got rights to it and licenced it under its own future releases, I won't be relying upgrading on a plugin. A hassle yes.

Share this post


Link to post
Share on other sites
Wannes    32

I don't mind the upgrade process actually and I find it "scary" to use a plug-in for updating. This will need you CHMOD your files to 0777 not?

Share this post


Link to post
Share on other sites
lunamonkey    114
Is that automatic upgrade process reliable... unless Wordpress got rights to it and licenced it under its own future releases, I won't be relying upgrading on a plugin. A hassle yes.

Well It just downloads the latest zip file, and extracts it over the directory.

I does the same thing as I would do over FTP. So I don't see how it can go wrong. (Or more wrong than me doing it) :p

Share this post


Link to post
Share on other sites
zeroday    19

Thanks.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.