WordPress 2.8.2 is available! Please update now.

cd34 · 2009-08-13, 04:45 PM

http://wordpress.org/development/200...urity-release/

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

I'm not sure if it is worth upgrading specifically for this, but, if you're not in the 2.8.x series, it would be worth upgrading.

2009-08-13, 04:45 PM	#14
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	http://wordpress.org/development/200...urity-release/ Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. I'm not sure if it is worth upgrading specifically for this, but, if you're not in the 2.8.x series, it would be worth upgrading. __________________ SnapReplay.com a different way to share photos - iPhone & Android

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode	Rate This Thread: