[wp-hackers] xml-rpc threat ?
Dougal Campbell
dougal at gunters.org
Tue Nov 8 16:36:51 GMT 2005
Robert Deaton wrote:
> Just for future information, both of those pages are terribly
> inaccurate. WordPress does not suffer from the vulnerability
> described, but an XML-RPC vulerability was published for WordPress at
> the same time, which led to a huge misunderstanding.
This is correct.
WordPress has not used the PHPXMLRPC (AKA Useful, Inc) libraries since
the release of version 1.5. Any vulnerabilities in those libraries does
not affect current versions of WordPress.
As mentioned before, there *was* a *completely different* vulnerability
related to XML-RPC which *did* affect WP not too long ago. We addressed
that problem in version 1.5.1.3
So, to reiterate, the advisories about this current worm which mention
WordPress 1.5.x as being vulnerable are *incorrect*.
--
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
More information about the wp-hackers
mailing list