Forgot your password?

xtreemhost

WordPress 2.8.4: Security Release

A vulnerability was discovered in WordPress version 2.8.3: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

The problem has been fixed in version 2.8.4, which fixes all known problems. It is highly recommended for all users of WordPress to upgrade their installation.

The latest version is also available in our automatic script installer.

This entry was posted in News, Uncategorized and tagged . Bookmark the permalink.

Archives