- Lester Chan's WordPress Plugins - https://lesterchan.net/wordpress -

WordPress 2.8.4

WordPress 2.8.4 [1] has been released and, like WordPress 2.8.3, it is a security fix.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Changelog: WordPress 2.8.4 [2]
Download: WordPress 2.8.4 [3]
Download: Modified files since WordPress 2.8.3 [4]