Wordpress 2.8.4 Released!

Wordpress 2.8.4 has been released today. Yea yet another sudden short interval update. I know you must be saying that this is becoming annoying to keep upgrading against security issues almost each week now.

On the other hand we should be glad that security holes are being reported and wordpress are working on these very quickly. Yesterday itself a really serious vulnerability on wordpress was reported. The Admin Password Reset Exploit has been fixed in 2.8.4 and if you are using Wordpress you MUST upgrade.

Below is what Matt from Wordpress says about the fix:

“Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.”

The problem has been fixed overnight and if you are already on any of the 2.8.x versions you need to upgrade right now.