WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of
xmlrpc.php
and copy it over your existingxmlrpc.php
. Otherwise, you can get the entire release here.
I have not yet update my blog, I believe that I am not affected since my blog is run by me only. I will just wait for the next WordPress and i hope it will have a 1 push button update. To avoid the problem that may occur during manual update.