[wp-hackers] xml-rpc threat ?

Dougal Campbell dougal at gunters.org
Tue Nov 8 16:36:51 GMT 2005

Robert Deaton wrote:
> Just for future information, both of those pages are terribly
> inaccurate. WordPress does not suffer from the vulnerability
> described, but an XML-RPC vulerability was published for WordPress at
> the same time, which led to a huge misunderstanding.

This is correct.

WordPress has not used the PHPXMLRPC (AKA Useful, Inc) libraries since 
the release of version 1.5. Any vulnerabilities in those libraries does 
not affect current versions of WordPress.

As mentioned before, there *was* a *completely different* vulnerability 
related to XML-RPC which *did* affect WP not too long ago. We addressed 
that problem in version

So, to reiterate, the advisories about this current worm which mention 
WordPress 1.5.x as being vulnerable are *incorrect*.

Dougal Campbell <dougal at gunters.org>

More information about the wp-hackers mailing list