Skip to content

December 9, 2010

WordPress 3.0.3 Fixes Authorization Issues

Hot on the heels of the previous update that patched an authenticated SQL injection vulnerability, WordPress have released version 3.0.3 which fixes authorization issues in the remote publishing interface. The vulnerability may allow Author and Contributor-level users to improperly edit, publish, or delete posts. WordPress state:

These issues only affect sites that have remote publishing enabled.

I would also add that these issues only affect sites that actually have Author and Contributor-level users. If you’re the only user of your blog, you don’t need to be worried (but update anyway).

Remote publishing is enabled and disabled in Settings > Writing > Remote Publishing.

Related posts:

  1. WordPress 3.0.4 Patches XSS Flaws in HTML Sanitation Library
  2. Mac OS X Skype 0day Remote Code Execution Vulnerability [Updated]
  3. iPad Lock Screen Bypass Vulnerability using Smart Cover [Patched]
  4. WordPress <= 3.0.1 Authenticated SQL Injection 0day [Patched]
  5. Security Update 2011-005 Fixes DigiNotar SSL Vulnerability
Read more from Security, Updates, Vulnerabilities
, , , , , , , ,

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php