WordPress 2.8.4 – Security Release

Yet again, another WordPress security update. This is the FOURTH update since v2.8 was released. ๐Ÿ™

In any event, here’s what’s changed:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesnโ€™t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

If you’re running an older version of WordPress, you’ll want to update ASAP!


Enjoyed this post?
Subscribe to Zander Chance via RSS Feed or E-mail and receive daily news updates!

Submit to Digg  Stumble This Story  Share on Twitter  Post on Facebook  Post on MySpace  Add to del.icio.us  Submit to Reddit  Fave on Technorati

Leave a Reply