Source: wordpress
Severity: grave
Tags: security patch

Hi Kai,

A security issue in wordpress' xml-rpc implementation was found[0]:

| WordPress 2.3.3 is an urgent security release. A flaw was
| found in our XML-RPC implementation such that a specially
| crafted request would allow any valid user to edit posts of
| any other user on that blog.

Looking at the latest changes on xml-rpc the following changesets seem to be relevant:
http://trac.wordpress.org/changeset/6709
http://trac.wordpress.org/changeset/6714

Upstream ticket:
http://trac.wordpress.org/ticket/5313

A CVE id is currently pending for this.

For further information:
[0] http://wordpress.org/development/2008/02/wordpress-233/

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.