• Subcribe to Our RSS Feed

WordPress 2.8.4 Released to Fix Admin Password Reset Exploit

Aug 11, 2009 by     10 Comments    Posted under: Wordpress

If you don’t want hackers to reset your passwords better do the upgrade immediately :

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

OOppsss I need to update lots of blog .. Need ty find time for my very busy schedule now adays

10 Comments + Add Comment

  • since updating to 2.8.4, i cannot use wordpress for iphone app. why is this?

    • @scott,

      Maybe the developer of that application should update it and make it compatible with WordPress 2.8.4

  • Ok to. Time to upgrade!

  • thnks for sharing… better to upgrade agaiin.. heheh

    • @Blogfornoob Dot Com,
      Better do a minute of update than to have 2 days of down site due to hack πŸ™‚

  • That’s fast! just updated from WP 2.8.3 and now there’s 2.8.4…
    Awesome! πŸ™‚

    • @metalpig,

      Nakuw.. late ko na nabasa itong comment mo ha ha ha.. πŸ™‚

      • @sir Dex,
        oks lang sir nakapag-update na rin ako πŸ™‚
        medyo busy ka yata ngayon ah, si esmi ang nagpo-post… heheheh

      • @metalpigs,

        OO nga may tinatapos akong project. Buti na lang marunong ng magblog misis.. Susunod nyan mga anak ko na makikita mo nag blog dito he he e

Got anything to say? Go ahead and leave a comment!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>