WordPress 2.8.4

by Brian Groce on August 14, 2009

WordPress 2.8.4 was released on August 12th, 2009 as is a security release.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

Schedule your WordPress upgrade today via our WordSprung WordPress Upgrade Service.

About The Author: Brian Groce

Brian Groce is a native Indianapolis resident and is the President & CEO of Watershed Studio, a web design & social media marketing firm located in the historic Stutz building in downtown Indianapolis. Brian is also a co-founder of Indy Media School and the man behind the curtain of all things Surge Bucket Media related. But first and foremost, Brian is the husband of his beautiful wife Amanda and the father of a house full of little ones.

Leave a Comment

Previous post:

Next post: