Upgraded to WordPress 2.8.4, Reset Password Vulnerability

Yesterday I finished upgrading all the blogs and sites that I maintain from WordPress 2.8.3 to WordPress 2.8.4: Sofie Estolloso Hofmann Designs International, Sofie Hofmann dot com, Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions, ISYU.INFO Around the World, Patria Diesel Power Plant Issue, Semirara Dumpsite Issue, Pandan Antique Philippines, Tugbong Festival, PAGTATAP Foundation, Philippine Seafarers Assistance Programme, Weggis along Lake Lucerne Switzerland, and Leocadio Alonsagay Dioso Memorial Public Library, all of them in just one day. Imagine, I had just upgraded to WordPress 2.8.3 from WordPress 2.8 last Monday, August 10, 2009.

But it is again time to upgrade your blog or site, this time to WordPress 2.8.4. The new WordPress 2.8.4 version is a security release. It is highly recommended that you upgrade your blog or site NOW, as there is a vulnerability in the previous version of WordPress that lets anybody reset the admin password.

A URL can be requested which will reset your admin password. I will not explain how to do it, as that would only make your blog or site vulnerable. I tested it myself. It does not allow remote access, but it could cause you inconvenience.

When someone tries to reset your password, the message will be sent to the email address of the admin, so there should really be no danger. You can get your new password and you can change your password again once you are logged in.

The problem here is that when someone tries to reset the password more than 100 times on your blog or site, you will probably get confused about which password is the right one. You do not want that to happen, right? Then upgrade your blog or site now.

1 Comment to “Upgraded to WordPress 2.8.4, Reset Password Vulnerability”

  1. […] Aside from the worm, an admin password reset exploit was found in the old versions, which I mentioned when I upgraded to the WordPress 2.8.4 Security Release. You can read about it at this blog entry, Upgraded to WordPress 2.8.4, Reset Password Vulnerability. […]