WordPress 2.8.4 | WordPress Philippines

WordPress 2.8.4

August 12, 2009 | Leave a Comment

As expected, Automattic promptly released WordPress 2.8.4, a security update to the previously mentioned remote admin password reset vulnerability.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Whether you’ve patched your WP installation as instructed or not, better grab this upgrade immediately. As always, backup before doing so!

Share This Blog Post

Related Posts

Previous post: Remote admin password reset vulnerability issue in WP 2.8.3 and below
Next post: A WP.com sneak peek?

Tags: admin, automattic, remote password reset, security, update, upgrade, vulnerability, wordpress, wordpress 2.8, wordpress 2.8.4

Leave a Reply

Download WordPress

WordPress Philippines

RSS | Mobile | Email | Twitter

China Wholesale

Recent Posts from WordPress Philippines

Philippine Blog Entries from Technorati

Tag your post wordpressph on Technorati to make it appear here!

Philippine Blog Entries from del.icio.us

Education UK offers new opportunities to Filipinos for 2010
The Pressures of 2nd Semester and the Information Systems Discipline
Thoughts to ponder on rallies from my SCL9 professor
PowerMac and PLDT myDSL School Promo
The Day I Got My ATM Back
Smart’s ‘B’ Free Day, Free Smart BRO Broadband Kits in UST
Would You Care Treat Me to Starbucks?
Enrollment and Michael Jackson’s This Is It
3rd Year First Semester –Five down, Three to go
What Yahoo and Google looked like back in ‘96
Tag your post wordpressph on del.icio.us to make it appear here!

Philippine Blogs We Like

Wordpress Resources

Official WordPress Sites