Another heads up for all WordPress users. The WordPress dev team just released another security update WordPress 2.8.4 to fix a vulnerability discovered yesterday.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
If you were trying to access JaypeeOnline earlier and got an error message or a Forbidden page, it was because I was upgrading my WordPress install to version 2.8.4. I strongly advice that you do the same thing and upgrade your WordPress install ASAP. I know I always say this but I don’t and won’t get tired of saying it – “Better safe than sorry”. Doing the upgrade will only take a few minutes of your time and in case you’re still new to WordPress and are not familiar with the process, the WordPress Codex has a dedicated page that contains a detailed process on how to upgrade WordPress.