WordPress 2.3.3: An Urgent Security Release!
WordPress launched ‘WordPress 2.3.3.’ Classifying the release as urgent, it has been launched to counter a security bug discovered, “If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs,” went the official statement.
You have two options for the download, either download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php or you could get the entire release from the official download section here.
There’s also a warning that, there is a vulnerability in the WP-Forum plugin that is being actively exploited at present. In case you are using this plugin, remove it until an update is available from its author.
You might want to keep your accounts secure, and it’s a good idea to make use of strong passwords and change them at regular intervals. Further, even while you update WP and the plugins, refresh your passwords.