[wp-hackers] WP’s XML-RPC functionality a security vulnerability?

Stephen Harris contact at stephenharris.info
Mon Jul 21 16:52:10 UTC 2014

I too have noticed some DoS attacks using XML-RPC to target the site. 
But the e-mail from the hosts said:

  > Attackers are abusing the feature to launch DDoS attacks against 
other sites.

so it would seem they are referring to something like 
https://core.trac.wordpress.org/ticket/4137 (which is fixed).

So I would follow their advice (disable XML-RPC if you don't need it), 
but it's not clear what vulnerability they are referring to

More information about the wp-hackers mailing list