WordPress just released an urgent security release today (February 5th) that affects everyone with registration enabled, which a lot of people have turned on. The update also fixes a number of small bugs. It’s urgent you at least replace the vulnerable file, the rest of the update is optional.

A flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. Download the latest version ASAP to avoid this. You could also just use this fixed version of xmlrpc.php and copy over the existing file.

If you need any assistance upgrading and/or patching this vulnerability, don’t hesitate to let us know.

Source: WordPress