A security update is released for WordPress taking WordPress version to 3.0.3. The update fixes a security flaw in remote publishing interface making it a necessary for all WordPress admins to update wordpress as soon as possible.

If you have enabled remote publishing then this vulnerability in some situations can allow user with author and contributors level privileges to improperly edit, publish or delete posts.  Single author blogs are not affected with it. If you do not use remote publishing feature like posting from live writer or other desktop clients you can disable remote publishing from Setting –>  Writing

Changelog

Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts. (r16803)

List of Files Revised

wp-includes/version.php
xmlrpc.php
readme.html
wp-admin/includes/update-core.php

You can update your blog from within the WordPress dashboard or can download complete copy of latest WordPress 3.0.3 from WordPress download page.

LEAVE A REPLY

Please enter your comment!
Please enter your name here