post-page

WordPress 3.0.3 Security Release

18
responses
by
 
on
December 8th, 2010
in
WordPress, WordPress News, WordPress Security

Users are advised that WordPress 3.0.3 has just been released and is a security update. This release fixes issues in the XML-RPC remote publishing interface.

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

If you have remote publishing enabled on your site you are urged to upgrade. You can do so easily via the built-in automatic upgrade feature. If upgrading the old fashioned way is your cup of tea here is the list of revised files …

wp-includes/version.php
xmlrpc.php
readme.html
wp-admin/includes/update-core.php

heading
18
Responses

 

Comments

  1. dgrut (13 comments.) says:

    is it critical? im planing delay my update.

    • Len Kutchma (6 comments.) says:

      Hi dgrut,

      Depends on your definition of critical I suppose. If remote publishing is enabled then anyone with Author and/or Contributor status can, under certain circumstances, “…improperly edit, publish, or delete posts.”

      Why would you want to wait? Updating takes mere seconds now. :)

    • Alex (Viper007Bond) (4 comments.) says:

      There’s rarely a good reason not to upgrade, especially for security releases. Plus it’s so easy and fast!

    • Hikari (11 comments.) says:

      this is only a threat if you have a site with multiple authors, and you don’t trust then and make them be allowed only to mess with their own posts

      if you admin a site with that style and 1 of its authors is a hacker, he may wanna play admin in your site and test how serious is your backup system

      • dgrut (13 comments.) says:

        yup, currently im single author, even though an update must have some values added. So updates is important.

      • Jaycee (6 comments.) says:

        Agreed. Single authors create singular problems here. I don’t trust people enough to have multiple admins as of yet.

  2. Andrew Nacin (17 comments.) says:

    If you want to do a manual update, all you need to do is copy wp-includes/version.php and
    xmlrpc.php. Unless you’re really concerned that your readme.html reflects the new version :-)

  3. René (6 comments.) says:

    What’s the use of updating when de last releases since 3.0.1 don’t even function properly?

  4. Lea (1 comments.) says:

    Rrrr !!! i just updated to 3.0.2 and now they release another one ? >< !
    I had to modify my entire theme to be compatible with 3 … i hope nothing happens to it when i update to 3.0.2.



Obviously Powered by WordPress. © 2003-2013

page counter
css.php