Another WordPress Security Release

Filed as News on August 12, 2009 3:30 pm

WordPress 2.8.4 is out, and it is yet another security release. Matt Mullenweg describes the issue like this:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

As always, you can upgrade automatically from within your admin interface, or download from wordpress.org.

Update: The WordPress MU 2.8.4 version is out too. Download or upgrade automatically.
