Changes between Version 11 and Version 14 of Ticket #5313
- Timestamp:
- 02/02/2008 05:45:20 PM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #5313
-
Property
Severity
changed from
criticaltoblocker
-
Property
Severity
changed from
-
Ticket #5313 – Description
v11 v14 3 3 Feb 2, 2008 http://wordpress.org/support/topic/134928 now describes a security issue in xml-rpc: 4 4 5 A personal has to already have an account on your blog, or be able to create an account (subscription)5 Although this ticket has been open for 3 months, the previous description and the discussion here, on the forums, and elsewhere did not identify the vector. 6 6 7 WORKAROUND: if enabled, disable subscription to your blog, or remove xmlrpc.php . 7 A person has to already have an account on your blog, or be able to create an account (even just subscription) to abuse this bug. 8 9 WORKAROUND: if enabled, disable account creation including subscription to your blog, or temporarily delete the file xmlrpc.php . 8 10 9 11 http://wordpress.org/support/topic/134928/page/2#post-686510