WordPress.org

Forums

[resolved] Critical Flaw In XML-RPC ? (8 posts)

  1. sapiensbryan
    Member
    Posted 8 years ago #

    Hi everyone,

    I've just come across an article from TechWorld regarding a critical security flaw found in XML-RPC. I saw an XML-RPC file in WP, so I'm just wondering: will WP need a patch for it?

    P.S.: I found a similar question, but I'm not too sure whether they are the same issue.

    Thanks.

  2. The XML-RPC Library used by WordPress is not affected by this latest vulnerability. WordPress uses IXR not PHPXMLRPC or PEAR XML_RPC.

    As long as you are running the latest version of WordPress 1.5.2 you are safe. There was a security flaw in IXR which was fixed in WordPress 1.5.1.3 2 months ago.

  3. sapiensbryan
    Member
    Posted 8 years ago #

    Thanks for the clarification. :-)

  4. lomara
    Member
    Posted 8 years ago #

    According to this article at Cnet, there is a new Linux worm which exploits this vulnerability. Symantec and McAfee each have posted descriptions of this worm which show it is attacking the xmlrpc.php file in WordPress. I take it that those of us running 1.5.1.3 or the current release are now immune to this?

  5. Mark (podz)
    Support Maven
    Posted 8 years ago #

    I asked about this on the hackers list yesterday.

    The article is wrong.
    WordPress uses a different xml-rpc file, and westi's answer above addresses what was a problem.

    There are no known vulnerabilities in WordPress at this time.

  6. Mark (podz)
    Support Maven
    Posted 8 years ago #

    "I take it that those of us running 1.5.1.3 or the current release are now immune to this?"

    UPDATE to 1.5.2 - you are at risk with any lesser version.

  7. lomara
    Member
    Posted 8 years ago #

    Thanks for the clarification podz.

This topic has been closed to new replies.