WordPress 2.8.4 Security Release

WordPress 2.8.4 has been released. It’s a security release, which means you should upgrade immediately. This version fixes a problem that could allow remote users to reset the administrative password. Below is a summary from the WordPress development blog:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

The SANS Internet Storm Center had a nice post about this earlier today that details why WordPress 2.8.4 was necessary.

You might like these posts too::

  1. WordPress 2.3.3 Security Release
  2. WordPress 2.3.2 Urgent Security Release
  3. WordPress Security Issue
  4. WordPress 2.0.6 Important Security Update
  5. WordPress Security Update

One Response to WordPress 2.8.4 Security Release

  1. T. Longren says:

    WordPress 2.8.5: Hardening Release…

    WordPress 2.8.5 has been released. This is another security release, just like the 2.8.4 release. As with the last release, the SANS Internet Storm Center has another post about the latest WordPress.

    The WordPress team decided to call 2.8.5 a hard…

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>