WordPress 2.8.4: Security Release
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password [...]
Posted by Matt Date: Tuesday, August 11, 2009
Categories: Ferret News, Security
Tags: password, password reset, remote access, reset, Security, security check, URL, user, vulnerability, Yesterday
WordPress 2.8.3 Security Release
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download [...]
Posted by Ryan Boren Date: Monday, August 3, 2009
Categories: Ferret News
Tags: community, Download, privilege, release, Security, security release, upgrading, WordPress
The WordPress 2.0.x Legacy Branch is Deprecated
The WordPress team had initially committed to maintaining the WordPress 2.0.x legacy branch until 2010. Unfortunately, we bit off more than we could chew—the 2.0.x branch is now retired and deprecated, a few months shy of 2010. Many of the security improvements to the new versions of WordPress in the last couple of years were complete [...]
Posted by Mark Jaquith Date: Wednesday, July 29, 2009
Categories: Ferret News, Security
Tags: branch, bugs, latest security, legacy, older versions, Porting, scope, Security, security enhancements, security improvements, task, team, testament, WordPress, x branch
WordPress 2.8.1
WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe. What [...]
Posted by Ryan Boren Date: Thursday, July 9, 2009
Categories: Ferret News
Tags: extra security, page, page menu, permission checks, plugin, problem, Read, rich text editor, role names, Security, translation library, unprivileged users, upgrade
