gordon.dewis.ca - Random musings from Gordon

WordPress 2.8.4

August 11, 2009 @ 23:03 By: gordon Category: Meta, WordPress

WordPress 2.8.4 has been released. While most releases are important, this one is particularly important: it addresses a security vulnerability that was discovered yesterday. A very specially crafted URL could allow a malicious individual to bypass the security check that verifies a user requested a password reset. It only affects the first account without a key in the database, which is usually the admin account. The owner of the account would receive an email with the new password, so the attacker wouldn’t gain access unless they had access to the email associated with the account in question, but it’s still annoying.
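The check below is an added illustration, not WordPress's code or its 2.8.4 patch: a reset-key lookup written so that it can never match an account with no stored key. The `$users` table, the `find_reset_target()` helper and the 20-character key format are assumptions made for the example.

```php
<?php
// Constructed sample data: one account with no pending reset, one with a key.
$users = [
    ['login' => 'admin', 'reset_key' => ''],                     // no reset requested
    ['login' => 'alice', 'reset_key' => 'k3yA1b2C3d4E5f6G7h8J'], // reset pending
];

/**
 * Return the login whose pending reset key matches $submitted, or null.
 * Hypothetical helper for this example only.
 */
function find_reset_target(array $users, $submitted): ?string
{
    // Request data is untyped: accept only a string of the expected
    // length and alphabet, so empty and non-string values stop here.
    if (!is_string($submitted)
        || !preg_match('/\A[A-Za-z0-9]{20}\z/', $submitted)) {
        return null;
    }

    foreach ($users as $user) {
        $stored = $user['reset_key'];
        // An account with no stored key has not asked for a reset,
        // so it must never be treated as a match.
        if (!is_string($stored) || $stored === '') {
            continue;
        }
        // Constant-time comparison of the two non-empty keys.
        if (hash_equals($stored, $submitted)) {
            return $user['login'];
        }
    }
    return null;
}

// Malformed or missing keys select no account at all.
var_dump(find_reset_target($users, ''));                     // NULL
var_dump(find_reset_target($users, null));                   // NULL
var_dump(find_reset_target($users, 12345));                  // NULL
var_dump(find_reset_target($users, 'AAAAAAAAAAAAAAAAAAAA')); // NULL
// Only the exact key that was issued selects its own account.
var_dump(find_reset_target($users, 'k3yA1b2C3d4E5f6G7h8J')); // string(5) "alice"
```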
