WordPress 2.8.4 Security Release

11 Aug 2009 ·

WordPress



WordPress 2.8.4

Another heads up for all WordPress users. The WordPress dev team just released another security update WordPress 2.8.4 to fix a vulnerability discovered yesterday.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

If you were trying to access JaypeeOnline earlier and got an error message or a Forbidden page, it was because I was upgrading my WordPress install to version 2.8.4. I strongly advice that you do the same thing and upgrade your WordPress install ASAP. I know I always say this but I don’t and won’t get tired of saying it – “Better safe than sorry”. Doing the upgrade will only take a few minutes of your time and in case you’re still new to WordPress and are not familiar with the process, the WordPress Codex has a dedicated page that contains a detailed process on how to upgrade WordPress.


Subscribe to JaypeeOnline's RSS feed  Share this on del.icio.us  Stumble It!  Digg this!  Share this on Facebook  Tweet this!  Share on FriendFeed  Bookmark It!  Submit to Reddit!  Share on Mixx  Buzz It!  Email this story to a friend!
Written by Jaypee Habaradas
Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Twitter @jaypee or Facebook.
Didn't find what you're looking for? Try looking for it again.

Related Posts

Related Ads























, , , ,

« Top 10 Emerging Influential Pinoy Blogs of 2009
Samsung Unveils Cameras with 2 LCDs »


2 Responses to “WordPress 2.8.4 Security Release”

  1. Jaypee Habaradas UNITED STATES Mozilla Firefox Ubuntu Linux Says:
    August 12th, 2009 at 8:00 am

    @K – I know the frequent updates and upgrades is a bit tiresome to some users but this is something that makes WordPress a good CMS/blogging platform because its always up-to-date and kept free from bugs, security issues and other flaws.

    What version of WordPress are you using? I noticed that the auto-upgrade function doesn’t work on WP 2.8.1-2.8.2 and when I upgraded to WP 2.8.3, it worked. Let me know if the same thing is true with your WP install. Btw, you don’t have to be shy about doing the upgrade manually because I do mine manually. The only time I use the auto upgrade function is when my plugins require an upgrade. ;)

  2. K.noizki HONG KONG Safari Mac OS Says:
    August 12th, 2009 at 7:58 am

    I’m tired upgrading, since 2.8.1 I promised that I won’t update until a new release is stable. It’s like the upgrade happens every month. Even the auto-upgrade from the Dashboard never works so you know when I do, I, shyly to say, manually update it – such a pain in the behind, huh?

**Comments posted on JaypeeOnline are moderated. I reserve the right to edit/delete comments that contain words or phrases that are defamatory, abusive, incite hatred and advertise an email address, commercial services or spammy.

Don't Be Shy. Share your thoughts!


Live Comment Preview