If you are not running WordPress 2.8.4, your site is vulnerable!  smbutton-blue WordPress 2.8.4 has been released to fix huge a security hole.  This is the vulnerability that was discovered:

A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. /src

If you’ve been thinking about upgrading but haven’t gotten around to it yet, now would be a really good time.  WordPress 2.8.4 is highly recommended for all users of WordPress as this version is a security release which fixes all known problems. Available for download here.

Related Posts with Thumbnails

Related Posts

  1. Facebook announces new security feature to help block hackers
  2. WordPress 2.9.1 Peeping Bug
  3. More Annoying Orange
  4. Widgetbucks Deletes Publisher Accounts!
  5. PureType – Premium WordPress Theme for 6/15