gordon.dewis.ca - Random musings from Gordon

Subscribe

WordPress 2.8.4

August 11, 2009 @ 23:03 By: gordon Category: Meta, WordPress

WordPress 2.8.4 has been released. While most releases are important, this one is particularly important. It addresses a security vulnerability that was discovered yesterday. The vulnerability allows a very specially crafted URL could allow a malicious individual to bypass a security check to verify a user requested password reset. It only affects the first account without a key in the database, which is usually the admin account. The owner of the account would receive an email with the new password, so the attacker wouldn’t gain access, unless they had access to the email associated with the account in question, but it’s still annoying.

Leave a Reply

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.