Upgrade to WordPress 2.3.3 to Fix Security Flaw

Honestly, I have not been interested in WordPress release updates lately because I was of the opinion that security flaws cannot be dangerous for blogs, but I had to change my opinion recently when I found out that a couple of blogs have been hacked as a result of WordPress security loopholes.

This means that there is a big group of hackers out there who are well aware of WordPress security issues and target random blogs, hacking into them and deleting all the valuable data. The best way to prevent your blog from getting hacked is to keep your WordPress version updated, as the new versions always contain security fixes.

WordPress 2.3.3 is an urgent security upgrade for WordPress blogs that was released just a couple of hours ago. This release fixes a flaw in the xmlrpc.php file that would allow any valid user to edit posts of any other user on that blog by sending a specially crafted request. It also fixes a lot of other minor bugs.

To fix only the security issue, you just need to download the fixed xmlrpc.php file and replace your existing xmlrpc.php file with it. Otherwise it is recommended to download the whole release from here.

There is also a special note for WordPress users: do not use the WP-Forum plugin. WP-Forum is a famous WordPress plugin that allows a user to create a WordPress-powered forum, but some days ago WeblogToolsCollection pointed out a big security loophole in this plugin which could harm WordPress blogs.

So the short story is:

  1. Upgrade to WordPress 2.3.3
  2. Remove or do not use the WP-Forum plugin
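
Both items can be checked on disk for each blog you host. The script below is an added example, not code from WordPress or from this post: it reads `$wp_version` from `wp-includes/version.php` and looks for the plugin folder. The folder name `wp-forum` is an assumption, and the sample trees are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 3, 3)        # release named in the post
FORUM_DIR = "wp-forum"   # assumed plugin directory name (not given in the post)

def read_wp_version(root):
    """Return $wp_version from wp-includes/version.php as a 3-tuple, or None."""
    vf = Path(root) / "wp-includes" / "version.php"
    if not vf.is_file():
        return None
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]",
                  vf.read_text(errors="replace"))
    if not m:
        return None
    # Drop suffixes such as "-RC1", then pad "2.3" to (2, 3, 0).
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def audit(root):
    """Return a list of findings for one WordPress directory tree."""
    findings = []
    ver = read_wp_version(root)
    if ver is None:
        findings.append("version unknown: wp-includes/version.php missing or unparsable")
    elif ver < FIXED:
        findings.append("WordPress %s is older than 2.3.3" % ".".join(map(str, ver)))
    if (Path(root) / "wp-content" / "plugins" / FORUM_DIR).is_dir():
        findings.append("WP-Forum plugin directory present")
    return findings

def make_sample(version, with_forum):
    """Build a constructed, minimal WordPress-like tree in a temp directory."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-includes").mkdir()
    if version is not None:
        (root / "wp-includes" / "version.php").write_text(
            "<?php\n$wp_version = '%s';\n" % version)
    if with_forum:
        (root / "wp-content" / "plugins" / FORUM_DIR).mkdir(parents=True)
    return root

if __name__ == "__main__":
    for version, forum in [("2.3.2", True), ("2.3.3", False)]:
        print(version, audit(make_sample(version, forum)))
```

A blog where only the fixed xmlrpc.php was swapped in still reports its old version number, so a finding from the version check alone calls for a manual look at that file.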

Comment

  1. Wordpress Upgrades/Updates Benefits and Tips

    Feb 7, 2008
