Upgraded to WordPress 2.8.4, Reset Password Vulnerability

Thursday, August 13, 2009 @ 11:21 am by Sofie Hofmann

Yesterday I finished upgrading all the blogs and sites that I maintain from WordPress 2.8.3 to WordPress 2.8.4: Sofie Estolloso Hofmann Designs International, Sofie Hofmann dot com, Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions, ISYU.INFO Around the World, Patria Diesel Power Plant Issue, Semirara Dumpsite Issue, Pandan Antique Philippines, Tugbong Festival, PAGTATAP Foundation, Philippine Seafarers Assistance Programme, Weggis along Lake Lucerne Switzerland, and Leocadio Alonsagay Dioso Memorial Public Library, all of them in just one day. Imagine, I had only just upgraded to WordPress 2.8.3 from WordPress 2.8 last Monday, August 10, 2009.

But it is again time to upgrade your blog or site, this time to WordPress 2.8.4. The new WordPress 2.8.4 version is a security release. It is highly recommended that you upgrade your blog or site NOW, as there is a vulnerability in the previous version of WordPress that lets anybody reset the admin password.

A URL can be requested which will reset your admin password. I will not explain how to do it, as that would only make your blog or site vulnerable. I tested it myself. It does not allow remote access, but it could cause you inconvenience.

When someone tries to reset your password, the message will be sent to the email address of the admin, so there should really be no danger. You can get your new password and you can change your password again once you are logged in.

The problem is that when someone tries to reset the password more than 100 times on your blog or site, you will probably get confused about which password is the right one. You do not want that to happen, right? Then upgrade your blog or site now.
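For anyone maintaining many installs like the list above, the following added example (not part of the original post) audits a set of WordPress document roots and flags any that report a version older than 2.8.4. It reads the `$wp_version` assignment in `wp-includes/version.php`; the directory names and version files in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 8, 4)  # the security release the post recommends
# WordPress records its version in wp-includes/version.php, e.g. $wp_version = '2.8.3';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)


def parse_version(php_source):
    """Return the version as a 3-tuple of ints, or None if it cannot be read."""
    m = VERSION_RE.search(php_source)
    # Any pre-release suffix after '-' is ignored; only the numeric part is compared.
    nums = re.findall(r"\d+", m.group(1).split("-")[0])[:3] if m else []
    if not nums:
        return None
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))  # '2.8' -> (2, 8, 0)


def audit(docroots):
    """Map each document root to 'ok', 'upgrade' or 'unknown'."""
    report = {}
    for root in docroots:
        vfile = Path(root) / "wp-includes" / "version.php"
        try:
            version = parse_version(vfile.read_text(errors="replace"))
        except OSError:
            version = None  # missing or unreadable version.php
        status = "unknown" if version is None else ("ok" if version >= FIXED else "upgrade")
        report[str(root)] = status
    return report


def demo():
    """Build constructed sample installs in a temp directory and audit them."""
    samples = {"blog-a": "2.8.3", "blog-b": "2.8.4", "blog-c": "2.8", "blog-d": None}
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples.items():
            inc = Path(tmp) / name / "wp-includes"
            inc.mkdir(parents=True)
            if ver:
                (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        result = audit(Path(tmp) / n for n in samples)
        return {Path(k).name: v for k, v in result.items()}


if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{site}: {status}")
```

An `unknown` result means the version file could not be read, so that install should be checked by hand rather than assumed safe.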

This entry was posted on Thursday, August 13, 2009 at 11:21 am and is filed under WordPress.

1 Comment to “Upgraded to WordPress 2.8.4, Reset Password Vulnerability”

  1. [...] Aside from the worm, an admin password reset exploit was found in the old versions, which I mentioned when I upgraded to WordPress 2.8.4 Security Release. You can read about it at this blog entry, Upgraded to WordPress 2.8.4, Reset Password Vulnerability. [...]
