[wp-hackers] XML-RPC Exploit?

Roy Schestowitz r at schestowitz.com
Tue Jul 5 05:27:38 GMT 2005

Quoting Scott Merrill:

> Ryan Boren wrote:
>> On Tue, 2005-07-05 at 02:06 +0100, Roy Schestowitz wrote:
>>> http://it.slashdot.org/article.pl?sid=05/07/04/2153224&tid=95&tid=172&tid=169
>>> Can anybody please comment on the relevance of WordPress? Bearing 
>>> in mind that
>>> the  flaw may have been addressed already, it is still mentioned among
>>> applications that are susceptible to an XML-RPC exploit.
>> Not relevant to WP.  We don't use the php libraries.  Ours is a
>> different but similar XMLRPC exploit.  There was ours, the php one, and
>> the PEAR one all at the same time.  Ours was unique to us whereas the
>> php and PEAR ones affected lots of projects.
> It might be worth throwing this onto the Devblog, so that "our people"
> get the right news from us, instead of the Slashdot crowd.

I have just peeked at that Slashdot item again and ran a quick search. 
At least
3 commenters stated clearly that WordPress had released a fix.


Roy S. Schestowitz

More information about the wp-hackers mailing list