WordPress 2.8.4 Security Update
Yesterday I updated all 7 of my blogs to WordPress 2.8.4 to address the security fix mentioned below in the official WordPress blog. Though I think they may have downplayed the security threat, I think this could have compromised an admin account. It would be a good idea for everyone to upgrade and keep on top of the security updates for WordPress.
WordPress 2.8.4: Security Release
Posted August 12, 2009 by Matt. Filed under Releases, Security.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.















