I updated to WordPress 2.8.4 security release today. It was quite a challenge since internet connection in Manila is slow due to some underwater cables connecting the internet infrastructure in Asia was damaged. How critical is WP 2.8.4 for me, well lets just say that its high: I got some notification email from my blog that someone is trying to change the password of one of the accounts (hehe creepy!). So if you are a wordpress blog admin, I highly suggest that you update to WP 2.8.4 as soon as possible.
Quoting official wordpress developers blog:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
Its good to hear that the vulnerability does not allow remote access, but I agree its annoying nonetheless.
Again my thanks to the WordPress dev team for the timely action. This really shows that we have a great community here at WordPress (naks!)
So if you are a wordpress blog admin, I highly suggest that you update to WP 2.8.4 as soon as possible.
As per my other WP updates, I also give some heads up info on what posts I’m brewing now. The WP 2.8.2 update promises are still 25% complete 🙁 but I’m adding that over the weekend I post some historic “firsts” for Menardconnect.
Watch out for it!!!