WordPress 2.8.4: Security Release: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. We fixed this problem last night and have been testing the fixes and looking for other problems since then.
Nu am primit pana acum nici un email care sa imi confirme bug-ul de securitate din 2.8.3. Chiar discutam cu Razvan azi de dimineata de releasurile prea dese ale WordPress-ului, dar mai bine mai des daca este vorba de security release. Chiar si piticu a simtit morcovu :)) hacherului dornic sa… profite de o mizerie de bug!