Aurstad Web Consulting

With Experience in Web Development, Marketing and Online Business. Providing his Knowledge as a Consultant to Clients World-Wide for the Past 8 YEARS and Counting…

Update: WordPress 2.8.4 Security Release

Posted by Haavard Aurstad on August 11th, 2009

New WordPress 2.8.4 security release. A new vulnerability was discovered yesterday by the WordPress team. As usual, like any other security release, its highly recommended that you upgrade your older WordPress version.

From the WordPress Team this morning:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

Make sure you update your WordPress to the latest version by simply using the Automatic Update from your WordPress admin or manually download WordPress 2.8.4.

Share

Tags: ,
Want to be the first to comment? »

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>