Thursday, July 7, 2005

pLog and xml vunerability


A vulnerability has been found in several implementations of xmlrpc libraries for php.  pLog is not affected by this problem as it uses the  Incutio XMLRPC library.


It looks like WordPress is affected by this problem. The 1.5.1.3 version of WordPress has fixed this problem.


Technorati Tags: , ,

1 comment:

  1. Hi Paul,
    I think there's an update available since june 29:
    "Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which required an update for our users.
    The problem is not yet public but you should update your blog as soon as possible to 1.5.1.3. If you are unable to do upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory."

    Looks like they were right on it.

    ReplyDelete