Archive for August, 2009

12th August 2009

WordPress 2.8.4

Posted by Lester Chan at 10:18 in WordPress

WordPress 2.8.4 has been released and, like WordPress 2.8.3, it is a security fix.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Changelog: WordPress 2.8.4
Download: WordPress 2.8.4
Download: Modified files since WordPress 2.8.3

4th August 2009

WordPress 2.8.3

Posted by Lester Chan at 00:34 in WordPress

WordPress 2.8.3 has been released and, like WordPress 2.8.2, it is a security fix.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.

Changelog: WordPress 2.8.3
Download: WordPress 2.8.3
Download: Modified files since WordPress 2.8.2
