WordPress 2.8.4

WordPress 2.8.4 has been released and also similar to WordPress 2.8.3, this is a security fix.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Changelog: WordPress 2.8.4
Download: WordPress 2.8.4
Download: Modified files since WordPress 2.8.3

1 Star2 Stars3 Stars4 Stars5 Stars (564 votes, average: 3.85 out of 5)

11 thoughts on “WordPress 2.8.4”

  1. Your blog is very helpful. I have a ton of WP blogs to update each time, and grabbing the “modified files only” makes life MUCH easier. Thanks!

  2. However, as far as I know, we can update wordpress automatically from interface right?

    So what’s the point of downloading or redownloading?

  3. However, as far as I know, we can update wordpress automatically from interface right?

    So what’s the point of downloading or redownloading?

  4. Hi from Tokyo. I’ve just installed 2.8.4 and PostRatings on my site and works very nicely. Appreciate your work on the plug-in! I did some quick translation to Japanese for mysel and wondering if you need any help on a Japanese localization. Thanks again for a wonderful plug-in! FYI: I’m a web designer / journalist based in Tokyo who studied design in New York.

Comments are closed.