Performancing Metrics

WordPress 2.8.4 Released: Security Update

I am not even sure that we should be posting about new releases any longer, with the 2.0 branch of WordPress dead, everyone should be running a version of WordPress that notifies you of new releases and so this will probably be the last point release that I talk about on here unless you, the readers, would prefer it otherwise.

For those not in the know, it seems like another security issue has been found. This one is more of an annoyance than a true security issue, but it is worth upgrading for.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Check it out on the WordPress.org Blog if you need more details about the fix.

Categories: WordPress News

This post was written by . You can visit the for a short bio, more posts, and other information about the author.

Comment with Your Facebook Account

Comments

  1. V.C ) says: 9/2/2009

    I’ve just update to 2.4 version.
    I don’t know why there are still some security problems =.=

    Reply

Current ye@r *