WordPress Zaps a Security Bug, Releases 2.8.4

Team WordPress (news, site) has discovered and destroyed another security bug. This particular problem was considerably more serious than the privilege escalation issues we saw in the last security update, but still not terribly detrimental.

Via a specially crafted URL, an attacker could bypass a security check to verify a user requested password reset. In the event of an unauthorized reset, the first account without a key in the database (usually the administrative account) would have its password reset, and the new password would be emailed to the account owner. Says Matt Mullenweg, founding WordPress developer: "This doesn’t allow remote access, but it is very annoying."

As usual, the WordPress development team was quick to fix the issue, and version 2.8.4 can be downloaded here.

Continue to follow us as we follow the famous web CMS here, and keep the solution healthy by contributing your feedback to the weekly dev chats here.

comments

Useful article?

 Email It      

Follow @cmswire

Related Articles:

• Web Experience: Beautiful Does Not Always Mean Usable
• IBM Releases Commerce Cloud, SAP to Compete With Ariba US$ 4.5 Billion Buy
• Happy Birthday! 7 Ways the Enterprise Uses YouTube

Tags: blogging, blogging platforms, open source cms, web cms, web publishing, wordpress

Team WordPress (news, site) has discovered and destroyed another security bug. This particular problem was considerably more serious than the privilege escalation issues we saw in the last security update, but still not terribly detrimental.

Via a specially crafted URL, an attacker could bypass a security check to verify a user requested password reset. In the event of an unauthorized reset, the first account without a key in the database (usually the administrative account) would have its password reset, and the new password would be emailed to the account owner. Says Matt Mullenweg, founding WordPress developer: "This doesn’t allow remote access, but it is very annoying."

As usual, the WordPress development team was quick to fix the issue, and version 2.8.4 can be downloaded here.

Continue to follow us as we follow the famous web CMS here, and keep the solution healthy by contributing your feedback to the weekly dev chats here.

Most Popular Articles