Wordpress 2.8.4 Security Release : Fixes Remote Password Reset Vulnerability
I’ve read about a Wordpress Vulnerability at that a specially crafted URL like the one below could allow a remote password reset,bypassing the security check to verify a user requested a password reset with the new password sent to the email id provided by the unknown user, leaving you locked out of your own blog’s login.
http://www.domain.com/wp-login.php?action=lostpassword
Wordpress 2.8.4 fixes this problem and is highly recommended to update immediately to Wordpress 2.8.4 to prevent such a attack.Though this does not allow remote access, unless your blog’s only user is admin which is commonly used.
Source : GHacks & Wordpress Blog.
Written by Avinash
Browse Tech Yard for the latest & interesting web applications, Freewares, Wordpress Tips,
Firefox Hacks and Addons, Mobile Phones, Windows - Linux - MAC OS Tricks.
Reset Wordpress Login Password From phpMyAdmin
Wordpress 2.8.3 Released – Security Release
Wordpress 2.8.2 Released – Fixes XSS Vulnerability
Wordpress 2.6.2 Released !!
Protect Your Wordpress Blog From Brute Force Attacks
