WordPress 2.8.4

Aug 13

wingloonWordPress 4 Comments

WordPress 2.8.4 is released on August 11, 2009 because a vulnerability was discovered a day before. This vulnerability is a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. This vulnerability is critical because the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. As the result, this doesn’t allow remote access but it is very annoying to all WordPress users. So, do proceed with your WordPress upgrade now.

Source: WordPress

4 Comments (+add yours?)

  1. Danesh
    Aug 14, 2009 @ 09:52:19

    I kena man, password got reset. But thank god no loss…

  2. simon
    Aug 17, 2009 @ 12:03:55

    Just upgraded mine yesterday night.

  3. Muzika
    Aug 23, 2009 @ 21:52:09

    Wow… These security vulnerabilities are being exploit more often than they have to be, I have to upgrade about 20 customer’s blogs because of these vulnerabilities :/

  4. wingloon
    Aug 27, 2009 @ 14:08:01

    Danesh, simon & Muzika, good to hear that all of you have upgraded :)

Leave a Reply