“Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.”
What are WP users on shared servers supposed to do? “Disabling XML-RPC features is the recommended workaround” – How do I do that?
If you control the server, try this:
pear upgrade XML_RPC
- The topic ‘PHP Blogging Apps Open to XML-RPC Exploits’ is closed to new replies.