Today WordPress relese a new version, WordpRess 2.8.4. Matt say :
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
Well a great job for WordPress team, fixed the security hole as fast as they can. So to those who using a WordPress as a self-hosted platform, you better hurry up to upgrade as soon as posible to patch the security.
WordPress Version 2.8.4 can be download here
If you wanna see the WordPress antusias pingback, you can go directly to WordPress Security Relese.
Keep on the good work team :D
0 comments:
Post a Comment