WordPress Security Update 3.0.3 Fixes XMLRCP Remote Publishing

Filed under: Wordpress Tips

The security fixes just keep on coming from the WordPress Team … I guess we should be happy that they actually publish them rather quick but two fixes in as many weeks is going to have a lot of people retrieving patches.

The update repairs a problem with the XML-RCP remote publishing features and also a problem where users can get elevated rights to modify or delete posts.

This is the feature that allows you to publish by email. This option is turned off by default and you can check your settings by going to your General/Writing settings in your dashboard.

It is suggested that you install this patch whether or not you make use of the remote publishing features.

The files that are changed include:

wp-includes/version.php
xmlrpc.php
readme.html
wp-admin/includes/update-core.php

You can view the changes to the code here

http://core.trac.wordpress.org/changeset/16803