WordPress 2.8.4 Security Release

Internet, Open Source, Security, WordPress 1 Minute

WordPress 2.8.4 has been released. It’s a security release, which means you should upgrade immediately. This version fixes a problem that could allow remote users to reset the administrative password. Below is a summary from the WordPress development blog:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

The SANS Internet Storm Center had a nice post about this earlier today that details why WordPress 2.8.4 was necessary.

0

Well, now what?

Work with Me

I'm available for hire and always taking new clients, big and small. Got a project or an idea you'd like to discuss? Startup plan but no developer to make it happen? Just get in touch, I'd love to see if I can help you out!

Leave some Feedback

Got a question or some updated information releavant to this post? Please, leave a comment! The comments are a great way to get help, I read them all and reply to nearly every comment. Let's talk. 😀

Longren.io is proudly hosted by DigitalOcean

DigitalOcean

Published by Tyler Longren

Hi! I'm Tyler Longren, a freelance web developer. I'm a father to two beautiful daughters and a car stereo enthusiast. I like PHP, JavaScript, WordPress, Git, HTML5 & CSS3, and other neat things. I really love the open source community, too. You can find me on twitter or Google+, and Github. This is my personal blog and that's it!

Published

One thought on “WordPress 2.8.4 Security Release

  1. Pingback: T. Longren

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.