This is for all you bloggers who use WordPress
WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.
The security hole allows spammers to infect your site with their crappy ads. When doing my backup I found 40 directories full of images and spam pages in a directory called “img” in my pictures directory and in another place within by wp-content. These freeloaders are a scourge.
On the plus side, my code’s up-to-date.
UPDATE: WordPress 2.5 is now released, and it’s very pretty, but it seems to be much slower.