Joe Hayes {dot} Org

An urgent update for Wordpress was released yesterday, specifically to fix a flaw in the XML-RPC implementation that could potentially allow an unscrupulous user to edit other user’s posts. If you’re in a pinch and aren’t too worried with other fixes, you can download the patched xmlrpc.php from here and overwrite your existing file.

On another note, Wordpress Mu webmasters need to also patch their versions to the latest  (v1.3.3 – which is a both a merge with the regular Wordpress version 2.3.3 and a patch for their own security exploit that “allows any user with, ‘manage_options’ and ‘upload_files’ capabilities to execute arbitrary PHP code” – the code (oops) of which was posted openly. Why… oh why… do people post exploited code? Eh, guess I did too in a way.

At any rate, I hope you updated. Hackers (or should I say script kiddies) are sure to be on the loose this week.