WordPress 2.3.3 Released + Translation of the Original Announcement

WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available.

Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords.

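WordPress 2.3.3 is an urgent security update. A flaw was found in XML-RPC processing: a specific request allows any valid user to modify posts published by any other user on this blog. Besides fixing this flaw, 2.3.3 also fixes some minor bugs. If you are only interested in the XML-RPC security issue, just download the fixed xmlrpc.php and overwrite your existing xmlrpc.php with it. Otherwise, you can download the full release here.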

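In addition, there is a problem with the WP-Forum plugin. Hackers are currently exploiting an overflow in this plugin to carry out attacks. If you are using this plugin, please remove it until it is updated.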

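While we are on the subject of security, please use strong passwords and change them regularly. When you upgrade WordPress or your plugins, consider resetting your passwords.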