WordPress 2.8.4 Security Update

12 Ago/09

wordpressWe noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed an attacker to reset passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was send to was available as well) it could be used to annoy those users especially when combined with an automated script that would reset the password every seconds or minutes.

A fix was released with the announcement of the vulnerability which consisted of one line of code that had to be edited in the wp-login.php file of the WordPress installation. WordPress installations with the fix are safe from these kinds of attacks.

The WordPress team has nevertheless released WordPress 2.8.4. as a response to the security vulnerability. The new release patches this vulnerability and is a recommended update for every WordPress installation. The WordPress developers are providing additional information about the vulnerability in the announcement post as well.

It was only possible to reset a password of the first user account without a key according to this post which usually is the admin account of the WordPress installation. WordPress is not showing the new version in its interface. This may change in the next hours.

WordPress admins should head over to the WordPress website to download the new version as of now.

Tags: , , , , ,

Related posts

Continua a leggere – Original Link: WordPress 2.8.4 Security Update

Technorati Tags: , , , , , , ,

Realizzazione Sito Gestionale Immobiliare

Leggi Anche

Condividi in DeliciousCondividi in DiggCondividi in RedditCondividi in StumbleCondividi in MixxCondividi in TecnoratiCondividi in Ok Notizie


I commenti sono disabilitati per questo articolo.

I commenti sono chiusi.


    Spina Rosario
    Inserito da


Iscrizione Newsletter

    Tieniti informato con tutte le novità del mondo informatico con la nostra newsletter


    Auto Shop Italia
    Web Burning Blog
    Info Privacy