PHP Security Blog:
WordPress Update (XML-RPC Bug)
Aug 16, 2005 @ 10:47:50

The PHP Security Blog has an update on the new XML-RPC bug that has surfaced: a note about the WordPress update meant to correct the hole.

WordPress 1.5.2 has been released in response to the vulnerabilities. Unfortunately I had to tell the authors that, while they have properly fixed the SQL injection vulnerabilities which I had disclosed to them 26 days before, they have not properly fixed the remote code execution exploit.

With a trivial modification of the published exploit code, it will still work against WordPress 1.5.2. A fix for this was committed 2 days ago, after I sent them the necessary code.

Keep an eye out here for other software that uses the XML-RPC interface, and I'll try to keep what updates I find posted...
