Aug 12

WordPress 2.8.4: Security Release

Posted by Indrek in News


Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.


Original article can be found on WordPress Blog Wordpress 2.8.4: Security Release

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • email
  • MySpace
  • Reddit
  • StumbleUpon
  • Technorati
  • Twitter

Related posts:

This entry was posted on Wednesday, August 12th, 2009 at 8:14 AM and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.