WordPress.org

Ready to get started?Download WordPress

Forums

"vulnerability in the XMLRPC module for PHP" (4 posts)

  1. kmurphy
    Member
    Posted 8 years ago #

    a site that has an implementation of WordPress 1.2.1 was hacked a couple times this week due to this vulnerability (I know I should just upgrade, but don't have the time right now...) so I was wondering if what I did, solved the problem... I downloaded the latest stable release of the xmlrpc module, when I unzipped the files, I found two files among the many that resembled these two files in wordpress: 'class-xmlrpcs.php' and 'class-xmlrpc.php'. The files were 'xmlrpcs.inc' and 'xmlrpc.inc'. I scanned the files and they looked similar so I simply changed the names and uploaded them. Things seem to work, but was wondering if doing what I did will solve the vulnerability problem??
    Thanks for the help.

  2. Even if you managed to solve that particular hole, there are still others.

    It's WAY past time to upgrade to 1.5.2. ;)

  3. kmurphy
    Member
    Posted 8 years ago #

    point taken... thanks.

  4. moshu
    Member
    Posted 8 years ago #

    Based on several updates I've done I'd say the time spent on "scanning the files" and "changing names" (plus writing the post here) etc. probably was longer than the update itself would have been :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags