Wordpress 2.8.4 Released to Fix Admin Password Reset Exploit - ProgrammerFish

WordPress 2.8.4 Released to Fix Admin Password Reset Exploit

by Salman Ul Haq on August 11th, 2009

I have reasons to think that this must have been released in panic because the exploit could have meant blogs thinking about shifting to other CMS and not compromise their security again. We exposed how vulnerable WordPress was to a remote admin password reset exploit that resets your admin password without any confirmation and this could mean hackers can exploit it to block your admin user access to the dashboard by flooding you with repeated password reset emails!

We have posted a fix to the admin password reset exploit already before WordPress released 2.8.4 update but I will still recommend you upgrade to 2.8.4

WordPress.org just released WordPress 2.8.4 which is available for automatic upgrade through your WordPress dashboard and can also be download from their site.

WordPress 2.8.4 Download link

No matter what we will continue using WordPress even if sometimes the security is compromised because to be truthful, there is no other OpenSource CMS that comes even near to WordPress when it comes to blog management.