[wp-hackers] xml-rpc threat ?

Scott Merrill skippy at skippy.net
Mon Nov 7 15:07:19 GMT 2005

Podz wrote:
> http://www.theregister.co.uk/2005/11/07/linux_worm/
> http://isc.sans.org/diary.php?storyid=823
> "xml-rpc for php is used in a large number of popular web applications
> such as PostNuke, Drupal, b2evolution, Xoops, WordPress, PHPGroupWare
> and TikiWiki. When exploited, this could compromise a vulnerable system.
> Most of these packages should have xml-rpc for php vulnerability fixed
> in the latest version. If you are still running an old version, you
> should get it updated immediately."
> I'm assuming it's fixed, but confirmation ahead of any forum posts would
> be nice.

WordPress doesn't use the same XMLRPC library as most other PHP
applications, so we're generally not affected by the same problems.

skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the wp-hackers mailing list