WordPress 2.8.4: Security Release
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password [...]
Posted by Matt. Date: Tuesday, August 11, 2009
Categories: Ferret News, Security
WordPress 2.8.2
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
Posted by Ryan Boren. Date: Sunday, July 19, 2009
Categories: Ferret News