WordPress 2.8.4 has been released. It’s a security release, which means you should upgrade immediately. This version fixes a problem that could allow remote users to reset the administrative password. Below is a summary from the WordPress development blog:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
The SANS Internet Storm Center had a nice post about this earlier today that details why WordPress 2.8.4 was necessary.
Well, now what?
Work with Me
I'm available for hire and always taking new clients, big and small. Got a project or an idea you'd like to discuss? Startup plan but no developer to make it happen? Just get in touch, I'd love to see if I can help you out!
Leave some Feedback
Got a question or some updated information releavant to this post? Please, leave a comment! The comments are a great way to get help, I read them all and reply to nearly every comment. Let's talk. 😀
One thought on “WordPress 2.8.4 Security Release”