WordPress 2.3.3 fixes XML-RPC bug

Please upgrade your WordPress blog as soon as possible to the released version 2.3.3, for security reasons. Also check the source code of your posts, because it may have been changed by intruders who possibly exploited the XML-RPC bug in WordPress version 2.3.2.

... A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. ...

For example, I found some strange lines of code in several of my posts, looking like:

<noscript>Furious franchise is a decision internets download nextel <a( deleted href)> madonna ringtones</a> software and.</noscript>

<noscript>Forse vi piacerebbe il software, o l'interfaccia di una particolare <a( deleted href)>poker</a> room, o forse no.</noscript>  

I definitely did not insert them into my posts. So how did they get there? They could have been inserted by some plug-in, but they look as if they were meant to be hidden from my eyes, and they make little sense for any plug-in. Therefore my theory is that they were inserted by bad guys who exploited some of the security bugs in WordPress. Presumably they used the mentioned XML-RPC bug in WordPress version 2.3.2.
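The check of post content recommended above can be automated. The following Python code is an added example, not part of the original post or of WordPress: it assumes the post bodies have been exported as a mapping of post id to HTML, and it reports every `<noscript>` block that contains a link, the pattern shown in the samples above. The names `NoscriptLinkFinder` and `scan_posts` and the sample posts are constructed for illustration.

```python
from html.parser import HTMLParser

class NoscriptLinkFinder(HTMLParser):
    """Collect every <noscript> block that contains at least one <a> tag."""
    def __init__(self):
        super().__init__()
        self.hits = []  # finished blocks: (visible text, [link targets])
        self.reset_block()

    def reset_block(self):
        self.inside, self.linked, self.hrefs, self.text = False, False, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.inside = True
        elif tag == "a" and self.inside:
            self.linked = True
            self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_endtag(self, tag):
        if tag == "noscript":
            self.flush()

    def handle_data(self, data):
        if self.inside:
            self.text.append(data)

    def flush(self):
        # Record the current block only if it held a link, then reset state.
        if self.linked:
            self.hits.append((" ".join("".join(self.text).split()), self.hrefs))
        self.reset_block()

def scan_posts(posts):
    """Map post id -> suspicious <noscript> blocks found in its content."""
    report = {}
    for post_id, content in posts.items():
        finder = NoscriptLinkFinder()
        finder.feed(content)
        finder.close()
        finder.flush()  # also report a <noscript> that was never closed
        if finder.hits:
            report[post_id] = finder.hits
    return report

SAMPLE_POSTS = {  # constructed sample posts; ids, text and URL are made up
    1: "<p>My holiday photos.</p>",
    2: '<p>Notes.</p><noscript>download <a href="http://spam.example/r">madonna ringtones</a> software</noscript>',
    3: "<noscript>Please enable JavaScript to view the gallery.</noscript>",
}
```

Calling `scan_posts(SAMPLE_POSTS)` flags only post 2; the legitimate `<noscript>` fallback in post 3 is ignored because it carries no link.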

P.S. In addition, I have deleted some unknown users, because my observations lead me to believe that these could be a security violation too. So if you want to subscribe to the comments or posts, use RSS. Thank you for understanding.


Update Dec [2015]: Oh boy, these yearly days with WordPress and a ton of security issues... ;)