Not a developer? Go to


Movable Type 5.18 release notes

This version of Movable Type was released December 10, 2014.

Movable Type versions 6.0.6, 5.2.11 and 5.18 were released as mandatory security updates. These updates resolve a vulnerability discovered in Movable Type’s XML-RPC interface (CVE-2014-9057). All users should upgrade to this latest release immediately.

Please see Securing Movable Type for additional steps to protect your installation.

Security patches

An issue involving possible SQL injection originating through the XML-RPC interface has been fixed. (#112625)

Note: Users who do not use XML-RPC and disabled the mt-xmlrpc.cgi script per instructions in Securing Movable Type are not vulnerable to this issue. We nevertheless highly recommend upgrading.


  • Netanel Rubin from Check Point Software Technologies (#112625)

All bugs are documented through an external site. A FogBugz account is required in order to view case details.