WordPress v2.84 fixes Security Vulnerability
WordPress has just patched a security vulnerability in version 2.83 that allowed anyone to remotely lock out an admin user by resetting the password by means of a special URL link.
“The bug … is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required.”
WordPress have quickly fixed the vulnerability in version 2.84, and it is recommended that you patch ASAP. Full information is available at the link below. As always, users managing their WP installations via Fantastico should follow the correct backup procedures before upgrading.
http://wordpress.org/development/2009/08/2-8-4-security-release/