WordPress 2.8.4 Security Fix

by on 08/12/2009 in Security, WordPress

A very alarming vulnerability was discovered in WordPress 2.8.3, and an update was released immediately.

The vulnerability

According to WordPress.org – A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.

What changed in 2.8.4?

There are too many changed files to list here: 101 in total, most of them in the wp-includes folder. To see the full list go here.

Download WordPress 2.8.4

On the WordPress.org download page you will see the “Release Notification” area on the right. Here you can enter your email address to receive updates on new stable releases.

11 Responses to “WordPress 2.8.4 Security Fix”

  1. Joanie

    Aug 12th, 2009

    I’m getting a couple of my sites upgraded tonight, I hope. Thank goodness for WordPress hosting. I’d never get around to doing it myself, I’m afraid. :-)

  2. Frank J

    Aug 12th, 2009

    No need to be afraid! This one is a clean and easy upgrade.

  3. Fool

    Aug 12th, 2009

    This is exactly why I keep coming back. If you agree please give this site a like.

    http://likaholix.com/fool/1037947/techjaws-internet-security-and-seo

  4. Sire

    Aug 13th, 2009

    One of the reasons I always keep up to date with the latest version is basically because I have to in order to keep ahead of the security issues.

    I read this really interesting post about a Perl script that is used to detect if any hackers try and manipulate any files in your WordPress folder.

    • Frank J

      Aug 13th, 2009

      Sire,

      Thank you for sharing that link. I will review this today.

  5. BunnygotBlog

    Aug 14th, 2009

    Hi Frank,

    Yesterday I did an update to the latest version of WordPress.

    What I found with the prior version was that Akismet wasn’t working as well as before.

    Would tantan noodles spam plugin help correct the problem?

    • Frank J

      Aug 14th, 2009

      Bunny,

      There may be an update coming soon for Akismet. I would wait a few days before adding any other plugins. I once used WP-Spam and it worked pretty good, but not 100%.

  6. Teasastips

    Aug 14th, 2009

    I just moved two blogs over to WordPress…I think the fix was there already when I installed the latest version. Thanks Frank!

    • Frank J

      Aug 14th, 2009

      You’re good then, Teasas!

    • Frank J

      Aug 15th, 2009

      Teasa,

      I am glad all went well during your upgrade!

      • Teasastips

        Aug 20th, 2009

        thx. I am in the process of moving all my blogs over to WP. Except I have to wait until October to move the rest over–the domains are locked until then. Sigh…