It seems that we are getting a new version of WordPress every week. The latest is WordPress 2.8.4, which has just been released and is, once again, a security release. The WordPress team was prompted to release it by a vulnerability discovered one or two days earlier.
The vulnerability allowed an attacker to request a specially crafted URL and so evade the security check that verifies a user actually requested a password reset. The result is an unsolicited password reset.
This release also fixes all known problems, so it is recommended to upgrade to it as soon as possible. This is how WordPress announced it:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.