A very alarming vulnerability was discovered in WordPress 2.8.3, and an update was released immediately.
According to WordPress.org – A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.
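The failure mode described above, where a reset request ends up matching "the first account without a key", can be reproduced in a small model. This is an added example, not WordPress code: the table layout, the function names and the sample keys are assumptions made for illustration, and the weak check is a simplified stand-in for the flawed verification, shown beside a hardened form.

```python
import hmac
import re
import sqlite3

def make_db():
    """Constructed sample data: admin has no pending reset key, alice has one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, "
               "reset_key TEXT NOT NULL DEFAULT '')")
    db.executemany("INSERT INTO users (login, reset_key) VALUES (?, ?)",
                   [("admin", ""), ("alice", "k3yForAlice0123456789")])
    return db

def lookup_weak(db, key):
    """Flawed check (hypothetical): emptiness is tested before normalisation."""
    if not key:
        return None
    key = re.sub(r"[^A-Za-z0-9]", "", key)  # can leave an empty string
    # An empty key now equals the empty stored key of every account that
    # never asked for a reset; the first such row is usually the admin.
    row = db.execute("SELECT login FROM users WHERE reset_key = ? "
                     "ORDER BY id LIMIT 1", (key,)).fetchone()
    return row[0] if row else None

def lookup_hardened(db, key):
    """Accept only a well-formed string key that equals a non-empty stored key."""
    if not isinstance(key, str) or not re.fullmatch(r"[A-Za-z0-9]{20,64}", key):
        return None
    rows = db.execute("SELECT login, reset_key FROM users "
                      "WHERE reset_key <> ''").fetchall()
    for login, stored in rows:
        # Constant-time comparison of the submitted key with the stored key.
        if hmac.compare_digest(stored.encode(), key.encode()):
            return login
    return None

if __name__ == "__main__":
    db = make_db()
    for candidate in ("k3yForAlice0123456789", "???"):
        print(repr(candidate), "weak:", lookup_weak(db, candidate),
              "hardened:", lookup_hardened(db, candidate))
```

The hardened lookup validates type and format before touching the database and never lets an empty stored key take part in the comparison.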
What changed in 2.8.4?
There are too many files to list here: a total of 101 files have been changed, and most of them reside in the wp-includes folder. To see the full list, go here.
On the WordPress.org download page, you will see the “Release Notification” area on the right. There you can enter your email address to receive updates on new stable releases.