ghacks Technology News

WordPress 2.8.4 Security Update

We noticed a security vulnerability in WordPress 2.8.3 (and earlier versions as well) yesterday that allowed an attacker to reset the passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was sent to was available as well), it could be used to annoy those users, especially when combined with an automated script that would reset the password every few seconds or minutes.

A fix was released with the announcement of the vulnerability; it consisted of one line of code that had to be edited in the wp-login.php file of the WordPress installation. WordPress installations with the fix are safe from these kinds of attacks.

The WordPress team has nevertheless released WordPress 2.8.4 as a response to the security vulnerability. The new release patches this vulnerability and is a recommended update for every WordPress installation. The WordPress developers are providing additional information about the vulnerability in the announcement post as well.

According to this post, it was only possible to reset the password of the first user account without a key, which is usually the admin account of the WordPress installation. WordPress is not showing the new version in its interface. This may change in the next hours.

WordPress admins should head over to the WordPress website to download the new version as of now.




About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.

Author: Martin Brinkmann, Wednesday August 12, 2009


Responses so far:

  1. Rarst says:

    "WordPress is not showing the new version in its interface."

    It does, I had upgraded a few hours ago. When the update notice shows depends on when WP last checked for updates. It is only performed every so often to not waste resources on each admin area load.

  2. Thank you for the information. I have noticed that there is already a new security update for WordPress in my dashboard. I searched for the review and I found your site. Thanks again for the helpful information.
