WordPress 2.3.3 Released: Urgent Security Upgrade
So, another security upgrade is out for WordPress. This one is fairly urgent, as it allows other members of your blog to “hijack” posts not written by them.
From the WordPress development blog:
WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php.
Please upgrade to the latest version of WordPress, back up your blog, and as the post also mentions, change your passwords regularly. From what I can tell, there shouldn’t be any adverse effects from this update, so get to it.