WordPress 2.8.4: Security Release

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

Sponsored by Internet Pharmacy - Indian Pharmacy, an online pharmacy supplies more than 600 quality generic medications, free prescription, worldwide shipping.

Canadian Pharmacy canada pharmacy

Related posts:

  1. WordPress 2.8.6 Security Release WordPress 2.8.6 Security Release 2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog,...
  2. WordPress 2.8.3 Security Release WordPress 2.8.3 Security Release Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community...
  3. WordPress 2.9.1 Release Candidate 1 WordPress 2.9.1 Release Candidate 1 Thanks to everyone who tested 2.9.1 Beta 1.  We’re following that up with Release Candidate 1.  RC1 contains a few more fixes, bringing the number...