WordPress 2.3.3: Urgent security release

There is a small but urgent security release for WordPress 2.3.2. If you use the XML-RPC gateway on your WordPress site, upgrade now. What’s the issue?

A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.

The upgrade process is very easy since you only need to replace the changed file. Download the latest xmlrpc.php file from WordPress Trac — it’s 60 Kb — and upload it to your WordPress directory (the same directory as wp-config.php). This single-file replacement works only if you are running the WordPress 2.3.2 release. If not, you’d better do a full upgrade.
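
The single-file procedure above as a guarded script, added here as an example and not part of the original post or of WordPress. The function names and the backup-directory argument are hypothetical, and the replacement xmlrpc.php is assumed to be downloaded already; the script refuses to patch anything that is not 2.3.2.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# backup-directory argument are hypothetical; the replacement xmlrpc.php
# is assumed to have been downloaded already.

# Print $wp_version as set in wp-includes/version.php (empty if not found).
wp_version() {
    sed -n "s/^[[:space:]]*\\\$wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# patch_xmlrpc WP_DIR NEW_FILE BACKUP_DIR
# Returns 0 if xmlrpc.php was replaced, 1 if a full upgrade is needed,
# 2 if an input is missing or does not look right.
patch_xmlrpc() {
    wp_dir=$1; new_file=$2; backup_dir=$3

    # The target must be the WordPress root: the directory holding wp-config.php.
    if [ ! -f "$wp_dir/wp-config.php" ] || [ ! -f "$wp_dir/xmlrpc.php" ]; then
        echo "not a WordPress root: $wp_dir" >&2; return 2
    fi
    # Keep the backup outside the web root so the old file is not served.
    [ -d "$backup_dir" ] || { echo "no backup directory: $backup_dir" >&2; return 2; }
    # A failed download is often an HTML error page; require a PHP opening tag.
    if ! head -n 1 "$new_file" 2>/dev/null | grep -q '^<?php'; then
        echo "replacement does not look like PHP: $new_file" >&2; return 2
    fi
    # The single-file fix applies to 2.3.2 only; anything else needs a full upgrade.
    ver=$(wp_version "$wp_dir")
    if [ "$ver" != "2.3.2" ]; then
        echo "found version '${ver:-unknown}', do a full upgrade instead" >&2; return 1
    fi

    cp -p "$wp_dir/xmlrpc.php" "$backup_dir/xmlrpc.php.2.3.2" || return 2
    # Copy next to the target, then rename, so a half-written file is never live.
    cp "$new_file" "$wp_dir/xmlrpc.php.tmp" &&
        mv "$wp_dir/xmlrpc.php.tmp" "$wp_dir/xmlrpc.php" || return 2
    echo "xmlrpc.php replaced; backup in $backup_dir"
}
```

Source the file and call `patch_xmlrpc /path/to/wordpress /path/to/downloaded/xmlrpc.php /path/to/backups`; a return status of 1 means the installation is not 2.3.2 and needs the full upgrade.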
