Another XML-RPC security issue

After a vulnerability was discovered in our bundled XML-RPC library earlier this year, the Hardened-PHP project did a code audit and found another security issue. They worked together with the library authors to solve the issue.

We'll be wrapping the fixed library files together with some other bugfixes into a Nucleus v3.22 release later this week. For now, a temporary fix is available:

  1. Download this file: nucleus-xmlrpc-patch.zip
  2. Extract both the files (xmlrpc.inc.php and xmlrpcs.inc.php) into your /nucleus/libs folder.


15/08 - Permalink