A vulnerability in WordPress 2.8.3 was discoved yesterday. The WordPress Blog says:
A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
The WordPress is now updated to version 2.8.4, and is available for download. Remember, you can easily update WordPress automatically :-)
{ 0 comments }
