WordPress 2.8.4 Security Release



WordPress 2.8.4

Another heads up for all WordPress users. The WordPress dev team just released another security update WordPress 2.8.4 to fix a vulnerability discovered yesterday.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

If you were trying to access JaypeeOnline earlier and got an error message or a Forbidden page, it was because I was upgrading my WordPress install to version 2.8.4. I strongly advice that you do the same thing and upgrade your WordPress install ASAP. I know I always say this but I don’t and won’t get tired of saying it – “Better safe than sorry”. Doing the upgrade will only take a few minutes of your time and in case you’re still new to WordPress and are not familiar with the process, the WordPress Codex has a dedicated page that contains a detailed process on how to upgrade WordPress.


Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

2 Comments

  1. JP Habaradas

    August 12, 2009 at 8:00 AM

    @K – I know the frequent updates and upgrades is a bit tiresome to some users but this is something that makes WordPress a good CMS/blogging platform because its always up-to-date and kept free from bugs, security issues and other flaws.

    What version of WordPress are you using? I noticed that the auto-upgrade function doesn’t work on WP 2.8.1-2.8.2 and when I upgraded to WP 2.8.3, it worked. Let me know if the same thing is true with your WP install. Btw, you don’t have to be shy about doing the upgrade manually because I do mine manually. The only time I use the auto upgrade function is when my plugins require an upgrade. ;)

  2. K.noizki

    August 12, 2009 at 7:58 AM

    I’m tired upgrading, since 2.8.1 I promised that I won’t update until a new release is stable. It’s like the upgrade happens every month. Even the auto-upgrade from the Dashboard never works so you know when I do, I, shyly to say, manually update it – such a pain in the behind, huh?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.