[wp-hackers] XMLRPC rework
alex at buayacorp.com
Thu Aug 30 16:28:47 GMT 2007
I think WP's XMLRPC server needs more attention because it has some
buggy methods and by default allows gathering useful information to
The following methods don't seem to work and, because of security
implications, I suggest removing them -- although I'm not sure if they
were added for compatibility reasons.
OTOH, unprivileged users (aka anyone with a subscriber role) can
retrieve data which could be used for unknown purposes. Examples:
- mw_getRecentPosts will return posts including private fields like
- wp_getAuthors will return the list of users with private data (email
PS. Sorry for my bad English.
You cannot change the course of history by changing the
portraits hanging on the wall
-- Jawaharlal Nehru.