WordPress 2.8.4 Security Fix

 

An alarming vulnerability was discovered in WordPress 2.8.3, and an update was released immediately.

The vulnerability

According to WordPress.org – A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
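The check that was bypassed is the one that ties a reset request to a key the user actually received. As an added illustration (not WordPress code and not part of the original post), this lookup refuses any request whose key is missing, empty or not a string, and never matches an account that has no key stored. The function name, the 20-character key format and the sample rows are assumptions.

```php
<?php
// Added example, not WordPress code. Function name, key format and the
// in-memory user rows are assumptions; the rows are constructed sample data.

// Returns the login whose stored reset key equals $key, or null to refuse.
function find_user_for_reset($key, array $users): ?string
{
    // The supplied key must be a string. PHP request parameters can also
    // arrive as arrays, which string-only checks may not anticipate.
    if (!is_string($key)) {
        return null;
    }
    // It must be non-empty and have the expected shape (assumed here).
    if (!preg_match('/\A[A-Za-z0-9]{20}\z/', $key)) {
        return null;
    }
    foreach ($users as $user) {
        $stored = $user['reset_key'];
        // An account with no pending reset can never match,
        // whatever the request contained.
        if (!is_string($stored) || $stored === '') {
            continue;
        }
        // Constant-time comparison of stored and supplied key.
        if (hash_equals($stored, $key)) {
            return $user['login'];
        }
    }
    return null;
}

// Constructed sample data: admin has not requested a reset.
$users = [
    ['login' => 'admin',  'reset_key' => ''],
    ['login' => 'editor', 'reset_key' => 'Zk3pQ9xLm2Rt7Vb1Hc5N'],
];

$cases = [
    'valid key'    => 'Zk3pQ9xLm2Rt7Vb1Hc5N',
    'empty string' => '',
    'array input'  => [''],
    'missing'      => null,
    'wrong key'    => 'AAAAAAAAAAAAAAAAAAAA',
];
foreach ($cases as $label => $key) {
    $login = find_user_for_reset($key, $users);
    printf("%-15s => %s\n", $label, $login ?? 'refused');
}
```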

Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.

What changed in 2.8.4?

There are too many files to list here: a total of 101 files have been changed, and most of them reside in the wp-includes folder. To see the full list go here.

Download WordPress 2.8.4

On the WordPress.org download page you will see the “Release Notification” area on the right. There you can enter your email address to receive updates on new stable releases.

 

About the author: Frank Jovine

 


 


 

11 Comments

  1. I’m getting a couple of my sites upgraded tonight, I hope. Thank goodness for wordpress hosting. I’d never get around to doing it myself, I’m afraid. :-)

  2. No need to be afraid! This one is a clean and easy upgrade.

  3. This is exactly why I keep coming back. If you agree please give this site a like.

    http://likaholix.com/fool/1037947/techjaws-internet-security-and-seo

  4. One of the reasons I always keep up to date with the latest version is basically because I have to in order to keep ahead of the security issues.

    I read this really interesting post about a Perl script that is used to detect if any hackers try and manipulate any files in your WordPress folder.

  5. Hi Frank,

    Yesterday I did an update to the latest version of wordpress.

    What I found with the prior version was that akismet wasn’t working as well as before.

    Would tantan noodles spam plugin help correct the problem?

    • Bunny,

      There may be an update coming soon for Akismet. I would wait a few days before adding any other plugins. I once used WP-Spam and it worked pretty good, but not 100%.

  6. I just moved two blogs over to wordpress…I think the fix was there already when I installed the latest version. Thanks Frank!