Support » Requests and Feedback » Security issues with xmprpc.php

  • My system here was recently hacked via a rather nasty exploit in xmlrpc (see http://phpxmlrpc.sourceforge.net/). The target file for the exploit was xmlrpc.php, probably part of Drupal. I note that WordPress uses a file by this name, apparently customized for or written for WordPress. Does this file contain code from xmlrpc.inc or xmlrpcs.inc from the phpxmlrpc project, and has it been vetted for and possibly modified to prevent exploits as described at the phpxmlrpc Sourceforge website (and at numerous other places on the Internet)?

Viewing 1 replies (of 1 total)
  • WordPress >= 1.5 uses a different XMLRPC library and is therefore not vulnerable to those exploits.

Viewing 1 replies (of 1 total)
  • The topic ‘Security issues with xmprpc.php’ is closed to new replies.