WordPress.org

Ready to get started?Download WordPress

WordPress 2.8.4: Security Release

Posted August 12, 2009 by Matt Mullenweg. Filed under Releases, Security.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

392 Pings

RSS feed for comments on this post.

  1. [...] you haven’t heard the news, WordPress 2.8.4 has been released to fix another security/annoying issue that was discovered the other night. According to the [...]

    Pingback from 2.8.4 Is Out, Better Upgrade on August 12, 2009

  2. [...] comentaba Fernando de una vulnerabilidad critica en la rama 2.8.x y hace solo minutos se libero la versión 2.8.4 que corrigue este fallo. No es un consejo, te obligamos a actualizar [...]

    Pingback from WordPress 2.8.4A | Ayuda WordPress on August 12, 2009

  3. [...] mais aqui. Desenvolvimento De Themas Personalizados Para WordPressMais info»R$ [...]

    Pingback from WordPress 2.8.4 | bernabauer.com on August 12, 2009

  4. [...] of things. By the time I changed quite a few settings and added a bunch of security plugins, this 2.8.4 Security Release came [...]

    Pingback from WordPress › Blog » WordPress 2.8.4: Security Release - Alibi Productions on August 12, 2009

  5. [...] horas después de conocer un problema de seguridad en el sistema de recuperación de contraseña, llega WordPress 2.8.4 para solucionar el error. [...]

    Pingback from WordPress 2.8.4 | TodoWordPress on August 12, 2009

  6. [...] WordPress 2.8.4 has been released and also similar to WordPress 2.8.3, this is a security fix. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. [...]

    Pingback from WordPress 2.8.4 « Lester Chan’s WordPress Plugins on August 12, 2009

  7. [...] original here: WordPress 2.8.4: Security Release Share and [...]

    Pingback from WordPress 2.8.4: Security Release | Lukmanul Hakim.net on August 12, 2009

  8. [...] antes posteo la vulnerabilidad, antes sale la actualización. Anda, instálate la versión 2.8.4 y descansa tranquilo… por [...]

    Pingback from WordPress 2.8.4 | Moova! News on the Move on August 12, 2009

  9. [...] 以下は、2009年8月12日に書かれた WordPress.org 公式ブログの記事、「WordPress 2.8.4: Security Release」を訳したものです。 [...]

    Pingback from WordPress | 日本語 » WordPress 2.8.4: セキュリティリリース on August 12, 2009

  10. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from WordPress lança nova atualização, versão 2.8.4 | Computêro on August 12, 2009

  11. [...] You can read about it here: http://wordpress.org/development/2009/08/2-8-4-security-release [...]

    Pingback from WordPress Vulnerability | The Eggshell on August 12, 2009

  12. [...] ha sacado ya su parche oficial para solucionar este bug. Pueden ver el anuncio oficial en WordPress 2.8.4: Security Release. Recomendamos la actualización con este Security Release tanto si se hizo el cambio mencionado en [...]

    Pingback from WordPress bug: Remote admin reset password | AltoSec Blog on August 12, 2009

  13. [...] ha sacado ya su parche oficial para solucionar este bug. Pueden ver el anuncio oficial en WordPress 2.8.4: Security Release. Recomendamos la actualización con este Security Release tanto si se hizo el cambio mencionado en [...]

    Pingback from WordPress bug: Remote admin reset password « Criado Indomable on August 12, 2009

  14. [...] have been couple of security updates to WordPress recently and here comes an another one…. WordPress 2.8.4: Security Release Posted August 12, 2009 by Matt. Filed under Releases, [...]

    Pingback from Upgrade to WordPress 2.8.4 - Platonic on August 12, 2009

  15. [...] ha salido la versión 2.8.4 la cual contiene las actualizaciones de seguridad necesarias para mitigar este error de seguridad, [...]

    Pingback from g30rg3 Blog » Reinicio no-autorizado de la contraseña del administrador bajo WordPress on August 12, 2009

  16. [...] WordPress 2.8.4 is a security release due to recent discovery of vulnerable. [...]

    Pingback from WORDPRESS 2.8.4 | YASKY Information on August 12, 2009

  17. [...] Dün Onurun yazısında gördüğüm açık bugün itibariyle 2.8.4 sürümü piyasaya çıkarılarak kapatılmış gözüküyor. Açıktan dolayı kötü niyetli kişiler tarafından parolanız sıfırlanabilir yönetim paneliniz ele geçirilebilir. Bu yüzden wordpress tüm kullanıcıların yeni sürüme güncellemesi gerektiğini belirtti. [...]

    Pingback from WordPress 2.8.4 Çıkmış! Lütfen Güncelleyiniz. « Turkcekaynak.net on August 12, 2009

  18. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Mathieu Chartier (kindo) 's status on Wednesday, 12-Aug-09 03:35:58 UTC - Identi.ca on August 12, 2009

  19. [...] WordPress Admin Password can be Reset by Anyone (Fix Provided) by jrrl :: posted August 11, 2009 :: last modified August 11, 2009 [Update: WordPress 2.8.4, which fixes this, has been released.] [...]

    Pingback from WordPress Admin Password can be Reset by Anyone (Fix Provided) @ Templature on August 12, 2009

  20. [...] 以下は、2009年8月12日に書かれた WordPress.org 公式ブログの記事、「WordPress 2.8.4: Security Release」を訳したものです。 [...]

    Pingback from 3ET » WordPress2.83に脆弱性、リモートユーザーでもパスワードリセット on August 12, 2009

  21. [...] the RSS feed for updates on this topic.Wordpress pushed a new version 2.8.4 just few hours back and has recommended that everybody must upgrade to it as it fixes a serious vulnerability with which the password of [...]

    Pingback from WordPress 2.8.4 Released on August 12, 2009

  22. [...] But if it seems like every time you turn around there’s another WordPress security release, well that’s because this (version 2.8.4) is the 4th release in less than 5 weeks. [...]

    Pingback from Yet Another WordPress Security Release – 2.8.4 | WPblogger on August 12, 2009

  23. [...] 这次更新的改动比较小,主要是修复了一个crafted URL的安全问题。 [...]

    Pingback from WordPress更新到2.8.4,其自动更新还是不太好用 on August 12, 2009

  24. [...] خود به ۲/۸/۴ اقدام نمائید. لینک دانلود وردپرس ۲/۸/۴ | منبع یاعلی تازه های نرم افزار۲/۸/۴, Bug, Fixs, security, WordPress, [...]

    Pingback from وردپرس 2.8.4 با رفع نقص یک حفره امنیتی بزرگ منتشر شد « Windows 7 | ویندوز 7 on August 12, 2009

  25. [...] Below is what Matt from WordPress says about the fix: [...]

    Pingback from WordPress 2.8.4 Released! | Island Crisis on August 12, 2009

  26. [...] Hemos notificados a todos nuestros colegas que han realizado la actualización a la versión 2.3.8. ha que descarguen la actualización que ya está disponible. [...]

    Pingback from Red de Blogs Hipertextual bajo ataque » Gadget Dominicana on August 12, 2009

  27. [...] wordpress 2.8.4 out. Yay security updates! http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Ryan K (iamaruntimeerror) 's status on Wednesday, 12-Aug-09 05:00:37 UTC - Identi.ca on August 12, 2009

  28. [...] WordPress 2.8.4: Security Release (englisch) [...]

    Pingback from WordPress 2.8.4: Security Release | dinotools.de Technik Blog on August 12, 2009

  29. [...] article can be found on WordPress Blog WordPress 2.8.4: Security Release Share and [...]

    Pingback from WordPress 2.8.4: Security Release | Online Tips on August 12, 2009

  30. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from remin raphael (remin) 's status on Wednesday, 12-Aug-09 05:16:14 UTC - Identi.ca on August 12, 2009

  31. [...] : Blog WordPress WordPress CMS [...]

    Pingback from TiChou » WordPress 2.8.4 : Réinitialisation de mots de passe sauvages corrigée on August 12, 2009

  32. [...] 8.37: WordPress ilmestyi paikkaus varsin vikkelästi. Päivitä siis oitis versioon 2.8.4 tai [...]

    Pingback from WordPress-käyttäjän salasanat menossa uusiksi on August 12, 2009

  33. [...] ukazała się kolejna poprawka bezpieczeństwa do najnowszego WordPressa – [...]

    Pingback from WordPress 2.8.4 on August 12, 2009

  34. [...] equipo de WordPress no se ha demorado y liberaron la versión 2.8.4 corriguiendo este problema que afecta al a rama 2.8.x, y posiblemente a las anteriores [...]

    Pingback from WordPress 2.8.4, actualización de seguridad on August 12, 2009

  35. [...] dem Bekanntwerden dieser ärgerlichen Sicherheitslücke schießt das Entwicklerteam das neue WordPress 2.8.4 nach, wodurch dieser Fehler behoben sein [...]

    Pingback from WordPress 2.8.4 schließt Sicherheitslücke | Telagon Sichelputzer on August 12, 2009

  36. [...] Vastav teade WordPress’i blogis. [...]

    Pingback from WordPress 2.8.4 oluline turvauuendus » Aarne bloog on August 12, 2009

  37. [...] Acaba de ser liberada la versión 2.8.4 de WordPress, a la que es una oblación actualizar porque corrige un grave fallo de seguridad que permite a cualquier internauta malintencionado reiniciar la contraseña del administrador. Vía WordPress Blog. [...]

    Pingback from Nueva actualización de seguridad de WordPress - tikitak-o-rama on August 12, 2009

  38. [...] una nueva actualización del CMS WordPress la cual viene a corregir una falla importante en la seguridad del [...]

    Pingback from WordPress 2.8.4 | Maldito Weekend on August 12, 2009

  39. [...] leer más en el blog oficial de WordPress 2.8.4 + Ver [...]

    Pingback from WordPress 2.8.4 – actualización de seguridad =A= Aeromental on August 12, 2009

  40. [...] vez la 2.8.4 fue una actualización casi obligatoria porque permitía resetear la url de cualquier blog mediante [...]

    Pingback from WordPress 2.8.4 | kimnod on August 12, 2009

  41. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Stefa Media » WordPress 2.8.4. Repară vulnerabilitatea amintită aseară on August 12, 2009

  42. [...] Users und sogars des Administrators zurücksetzten kann, hat das WordPress Team reagiert und mit WordPress 2.8.4 ein Security Release rausgerbracht. Yesterday a vulnerability was discovered: a specially crafted [...]

    Pingback from WordPress 2.8.4: Security Release - Von Joerg Hochwald - hochwald.net on August 12, 2009

  43. WordPress 2.8.4, faça o download!…

    Bom galera parece que dessa vez alguma coisa saiu muito errado na atualização da ultima versão, pois já estamos na 4 modificação de detalhes da 2.8 e agora eu realmente espero que seja a última.
    Mas agora seguindo para a parte mais técnica, o que acon…

    Trackback from Webord.net on August 12, 2009

  44. [...] va descobrir ahir que es pot aconseguir la contrasenya de l’administrador, per la qual cosa és altament recomanable instal·lar [...]

    Pingback from WordPress | Català » Actualització de seguretat: 2.8.4 on August 12, 2009

  45. [...] dem heute veröffentlichten WordPress 2.8.4 wird, wie auch bei golem.de berichtet wird, das Sicherheitsproblem behoben, bei dem es Angreifern [...]

    Pingback from WordPress 2.8.4 released | Subnetmask on August 12, 2009

  46. [...] from the development blog, download from the usual place, or use the automatic upgrade feature. I did, and so did [...]

    Pingback from WordPress 2.8.4 is out – Losing it[1] on August 12, 2009

  47. [...] üzerine WordPress 2.8.4 güvenlik sürümü hazırlanıp, yayımlandı. Daha fazla ayrıntı için burayı, sürümün İngilizce versiyonunu yüklemek için burayı tıklayın. Bilgisayarımda yaptığım [...]

    Pingback from WordPress 2.8.4 Sürümü Duyuruldu · Yakup Gövler - WordPress'e dair ne varsa - WordPress WordPress 2.8 on August 12, 2009

  48. [...] WordPress has come up with one more Security Release – WordPress 2.8.4 Security Release [...]

    Pingback from Download WordPress 2.8.4 Security Release - WordPress,Wordpress 2.8.4,Wordpress release,download wordpress 2.8.4 | Nihar's World on August 12, 2009

  49. [...] vu? Pues parece que sí, una nueva actualización de emergencia para WordPress debido a una vulnerabilidad presentada en las versiones 2.8.x, la 2.8.4 corrige este problema y ya está disponible para su [...]

    Pingback from WordPress 2.8.4 en Español « Reyson’s Blog on August 12, 2009

  50. [...] wenigen Minuten ist ein Sicherheitsupdate auf die Version 2.8.4 [...]

    Pingback from Schwachstelle in WordPress ermöglicht Aussperren des Admins » Beitrag » Dackworld on August 12, 2009

  51. [...] Sicherheitslücke bzgl. der Möglichkeit des Zurücksetzens des Adminpasswortes gibt es nun ein Sicherheitsupdate (golem.de), das unbedingt eingespielt werden sollte (insbesondere, da die “erste [...]

    Pingback from WordPress: 2.8.4 – Sicherheitsrelease > Sicherheitslücke, Update, WordPress > splash ;) on August 12, 2009

  52. [...] hatte ja gestern schon auf die Sicherheitslücke in 2.8.3 hingewiesen, heute gibts dann von WordPress den entsprechenden Fix dazu. Yesterday a vulnerability was discovered: a specially crafted URL [...]

    Pingback from WordPress 2.8.4: Und wieder darf gezittert werden | Das Meinungs-Blog on August 12, 2009

  53. [...] You can find more information about the issue on the official WordPress site. [...]

    Pingback from WordPress 2.8.4 Released « Nitin Katkam on August 12, 2009

  54. [...] ini, WordPress 2.8.4 telah dilepaskan. Versi kali ini membetulkan masalah reset password yang dilakukan oleh pengguna tidak bertauliah. [...]

    Pingback from Aku yang semakin sibuk | beliamuda {dot} com on August 12, 2009

  55. [...] Original ici [...]

    Pingback from Ansermot.ch » WordPress 2.8.4 – Security Release on August 12, 2009

  56. [...] Hehehe, sa va zic ca wordpress-ul a avut un bug atat de misto incat iti fura parola primului cont existent pe domeniu? In cazul blogurilor standard se putea sparge parola de admin?Drept urmare upgrade la ultima versiune, acum! Si injuraturile de mama catre wordpress. [...]

    Pingback from Update wordpress acum! at » piticu .ro on August 12, 2009

  57. [...] and fixed. Patch away, patch away if you happen to host your own WP!  Article with upgrade link here.  Methinks applying the patch would be a good [...]

    Pingback from WebAlongitude » WordPress Security Release – Vulnerability Discovered/Patched on August 12, 2009

  58. [...] raison de ce correctif se trouve sur le blog de WordPress (empêcher la réinitialisation du mot de passe admin, rien que [...]

    Pingback from WordPress : mise à jour 2.8.4 | DevZone on August 12, 2009

  59. Nâng cấp wordpress lên 2.8.4…

    Đề nghị những bạn nào đang sử dụng phiên bản wordpress <= 3.8.3 hãy nhanh chóng nâng cấp lên phiên bản mới 2.8.4 vì một lỗi nghiêm trọng là cho phép reset lại mật khẩu mà không cần phải điền đúng key. Tuy lỗi này không nghiệm trọng lắm vì không thể …

    Trackback from SangLT WebLog on August 12, 2009

  60. [...] aktuelle Version von WordPress steht hier zum download bereit. Die deutsche Version ist derzeit noch nicht [...]

    Pingback from WordPress 2.8.4 on August 12, 2009

  61. [...] ver el anuncio oficial en el blog de [...]

    Pingback from Liberado WordPress 2.8.4 | Sumolari.com on August 12, 2009

  62. [...] Download WordPress 2.8.4 [...]

    Pingback from New WordPress 2.8.4 Security Update | Wp Themes Planet on August 12, 2009

  63. WordPress 2.8.4 released…

    WordPress 2.8.4 has been released which fixes a major security problem.
    Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password r…

    Trackback from Ramoonus.nl on August 12, 2009

  64. [...] 2.8.4: Otra correccion de seguridad Segun la web ficial de wordpress Ayer se descubrió una vulnerabilidad: una URL especialmente preparada podría pedir que [...]

    Pingback from WordPress 2.8.4: Otra correccion de seguridad « La red en candela! on August 12, 2009

  65. [...] oficiale despre vulnerabilitate puteti gasi aici Adauga / [...]

    Pingback from Nou update de securitate WordPress - versiunea 2.8.4 | Netsec Interactive Solutions on August 12, 2009

  66. [...] Source: WordPress.org [...]

    Pingback from WordPress 2.8.4 Security Release | Premium WordPress Hosting on August 12, 2009

  67. [...] se hablaba de una nueva vulnerabilidad descubierta en WordPress 2.8.x. Ahora hay que hablar de la actualización a 2.8.4 que soluciona este problema y que hace que nuestro WordPress sea aún más seguro. Altamente [...]

    Pingback from WordPress 2.8.4: Actualización de seguridad | aNieto2K on August 12, 2009

  68. [...] WordPress kommentiert das Update wie folgt: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. [...]

    Pingback from WordPress 2.8.4 Update schließt Sicherheitslücke | Der Medien Blog on August 12, 2009

  69. [...] Gestern wurde eine Sicherheitslücke bekannt, die es ermöglichte durch eine manipulierte URL die das Passwort des Adminaccounts zurückzusetzen. Ein inoffizieller Bugfix war schnell da und heute kam das offizielle Update. [...]

    Pingback from Kurzmeldung: WordPress 2.8.4 veröffentlicht | Tief im See on August 12, 2009

  70. [...] Soeben wurde WordPress 2.8.4 veröffentlicht. Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt gewordene Lücke sowie weitere kleinere Fehler. [...]

    Pingback from WordPress 2.8.4 veröffentlicht - Soeben wurde WordPress 284 veröffentlicht Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt gewordene Lücke sowie weitere kleinere Fehler, Version, Downloadbereich, Verfügung, DE-Edition, Upgrade on August 12, 2009

  71. WordPress 2.8.4: Security Release…

    Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usu…

    Trackback from http://omponk.routelink.net on August 12, 2009

  72. [...] and have this security update installed now.  This is now the fourth release under the 2.8 branch. Read more concise details about this WordPress update or go on to download the latest stable version of WordPress for manual [...]

    Pingback from WordPress 2.8.4 Security Update | SEO Wright on August 12, 2009

  73. [...] 相隔八天,WordPress再度推出最新的2.8.4版,這真的是更新頻率最快的一個版本了。 [...]

    Pingback from VicJuan’s 再也不是好人的好站 » Blog Archive » WordPress 2.8.4版 on August 12, 2009

  74. [...] you don’t know by now, WordPress 2.8.4 has hit the public and it addresses a mild but hugely annoying issue. There was no advanced warning regarding the [...]

    Pingback from The Correct Way To Report A Security Issue With WordPress | Weblog Tools Collection on August 12, 2009

  75. [...] reagiert, und ein Security Relase mit der Versionsnummer 2.8.4 zum Download freigegeben. Der Ankündigungspost auf wordpress.org enthält keinen Hinweis auf ein Changelog, weshalb davon auszugehen ist, dass in dieser Version [...]

    Pingback from WordPress 2.8.4: Bitte updaten! — filzo.de on August 12, 2009

  76. [...] Sicherheitslücken wie sie gerade bei WordPress entdeckt wurden — und die mit der neuesten Version 2.8.4 auch schon behoben sein sollen. Liste der LinksOffene Sicherheitslücke gefährdet WordPress [...]

    Pingback from Sichreheitsupdate auf WordPress 2.8.4 | Oberlehrer on August 12, 2009

  77. [...] Source: WordPress Development Blog [...]

    Pingback from Web News and Practical websites » WordPress 2.8.4: Security Release on August 12, 2009

  78. [...] We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress. Kaynak: WordPress 2.8.4: Security Release [...]

    Pingback from WordPress 2.8.4 Güvenli sürümü çıktı. | WordPress 2.8.4: Security Release | WordPress | rooteto.com - Ertuğrul SAĞLAM on August 12, 2009

  79. [...] Soeben wurde WordPress 2.8.4 veröffentlicht. Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt gewordene Lücke. [...]

    Pingback from Schon wieder eine Eilmeldung: WordPress 2.8.4 UPDATE | // TBDTTT on August 12, 2009

  80. [...] ich versuch mich mal kurz zu fassen, wieder einmal ein Security-Release von WordPress, mehr dazu hier. So wie ich das verstanden habe, kann da jemand sich das Passwort vom Admin-Account neu zusenden [...]

    Pingback from WordPress 2.8.4 - Ende, BlackBerry, Film, Thema, Dann, Berlin - Data Travelers-Blog on August 12, 2009

  81. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ WordPress Etiketler: WordPress, WordPress 2 8 4, WordPress güvenlik açığı, WordPress son sürüm, WordPress yeni sürüm Benzer Yazılar [...]

    Pingback from WordPress 2.8.4 sürümü Çıkmış güncelleme gerekiyor | unut on August 12, 2009

  82. [...] 睡一覺醒來就看到官方網站已經發佈《WordPress 2.8.4: Security Release》,隨後 WpRecipes.com 後來也發佈如何簡單修正這一個問題的文章《Prevent password reset hacking on your WordPress blog》。 [...]

    Pingback from WordPress 2.8.4: 安全修正版本發佈 « Kirin Lin on August 12, 2009

  83. [...] WordPress 2.8.4 [...]

    Pingback from WordPress 2.8.4 aggiornamento |gidibao’s Cafe on August 12, 2009

  84. [...] If you wanna see the WordPress antusias pingback, you can go directly to WordPress Security Relese. [...]

    Pingback from WordPress 2.8.4 Security Release « Daily Project™ on August 12, 2009

  85. [...] admins should head over to the WordPress website to download the new version as of [...]

    Pingback from WordPress 2.8.4 Security Update on August 12, 2009

  86. [...] from WordPress official dev blog. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would [...]

    Pingback from WordPress 2.8.4 out for upgrade on August 12, 2009

  87. [...] fonte: wp.org [...]

    Pingback from Aggiornamento a WP 2.8.4 | gfsolone.Com on August 12, 2009

  88. [...] wurde WordPress 2.8.4 veröffentlicht. Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt [...]

    Pingback from WordPress 2.8.4 DE-Edition und Upgradepaket - Heute wurde WordPress 284 veröffentlicht Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt gewordene Lücke, →, Download WordPress 284 DE-Edition, →, Upgradepaket für 28 on August 12, 2009

  89. [...] Men det går inte att accessa eller få tillgång till kontot såvida inte hackaren har tillgång till ett epostkonto som är knutet till bloggen. Men det kan ju vara fruktansvärt irriterande och frustrerande om ens adminkonto skulle nollställas via något script var och varannan minut. Läs mer om uppdateringen här – WordPress 2.8.4: Security Release. [...]

    Pingback from WordPress 2.8.4: Security Release | wpxl on August 12, 2009

  90. [...] Phylosoft y algún otro de los blogs que gestiono ya están con WordPress 2.8.4. [...]

    Pingback from Actualizados a WordPress 2.8.4 | Phylosoft on August 12, 2009

  91. [...] Nachdem ich bereits gestern über die Sicherheitslücke berichtet habe, gibt es heute schon das Update von der WordPress Version 2.8.3 auf die 2.8.4. Zitat von wordpress.com: [...]

    Pingback from Big2k.net :: Aktion100 reloaded » Blog Archive » WordPress 2.8.4: Security Release on August 12, 2009

  92. [...] WordPress 2.8.4 Security Update 0 Home » Technology » WordPress 2.8.4 Security Update Have you update your WordPress install recently? You should. Yesterday WordPress released an update that patched a vulnerability that allowed attackers to use specially designed URLs to reset the first account without a key in your database. This key is usually the WordPress administrator account. The password would then be reset and a new password would be emailed to the account’s email address. Read more here: WordPress: WordPress 2.8.4: Security Release [...]

    Pingback from WordPress 2.8.4 Security Update | Technology on August 12, 2009

  93. [...] Wow! That’s a bummer. I wouldn’t want that to happen to my blog. So, I have upgraded to 2.8.4 with immediate [...]

    Pingback from All Pumped Up! >> WordPress 2.8.3, 2.8.4 Security Updates on August 12, 2009

  94. [...] WordPressa umożliwiającą zdalną zmianę hasła administratora zespół developerów postanowił wydać kolejną łatkę bezpieczeństwa. Podobnie jak w przypadku poprzedniej aktualizacji, WordPress 2.8.4 nie wnosi nic nowego, naprawia [...]

    Pingback from WordPress 2.8.4: kolejne zabezpieczenia « WPMedia.pl on August 12, 2009

  95. [...] wordpress 2.8.4 poprawka bezpieczeństwa Oryginalny wpis Matt Mullenweg: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. [...]

    Pingback from wordpress 2.8.4 poprawka bezpieczeństwa , tosiek on August 12, 2009

  96. [...] poche ore è disponibile la versione 2.8.4 di WordPress (in inglese), nuova release di sicurezza che corregge una [...]

    Pingback from lucatogni.ch › Archivio › Rilasciato WordPress 2.8.4 on August 12, 2009

  97. [...] Astazi WordPress a lansat o actualizare: WordPress 2.8.4 ce poate fi descarcata de aici: http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from FaraVirusi.com » WordPress 2.8.4 – Actualizare Importanta de Securitate on August 12, 2009

  98. [...] wp又更新2.8.4 正烦的时候,一进blog后台就收到更新通知。 不是吧,又来一个安全更新,真受不了比windows更新更快。 详细:http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from 讨厌的雨天,讨厌的wp更新。。 - 小V的天空-网站建设-网页设计-seo-模板下载 on August 12, 2009

  99. [...] first thing I did after I downloaded WordPress 2.8.4 was checking the wp-config-sample.php and wp-cron.php files. I saw that the closing tags are still [...]

    Pingback from BLOG » WordPress 2.8 to WordPress 2.8.4 wp-config-sample and wp-cron files, no closing tags » Sofie Estolloso Hofmann Designs International - Weggis, Switzerland on August 12, 2009

  100. [...] WordPress MU release is 2.8.4, a security release that fixes an annoying bug that allowed any user to change the admin password. Your password was [...]

    Pingback from WordPress MU 2.8.4 on August 12, 2009

  101. [...] release in the WordPress 2.8 series, after those 2.8.1, 2.8.2, 2.8.3 versions, now the WordPress 2.8.4 is launched due to some security reasons. And the main advantage for us, is the core upgrade [...]

    Pingback from WordPress 2.8.4 released – Security release | WordPress on August 12, 2009

  102. [...] Heute wurde bereits die Version von WordPress 2.8.4 zum Download freigegeben. Es handelt sich hierbei um eine Security Update, da es ein Problem mit dem Adminlogin gab. (Changelog). [...]

    Pingback from WordPress 2.8.4 – Security fix | www.pc-howto.com on August 12, 2009

  103. [...] that we will be getting a new version of WordPress every week. The latest in this regard is that WordPress 2.8.4 has been released. Again this latest version comes out as a security release. The reason which prompted the WordPress [...]

    Pingback from Here comes WordPress 2.8.4 | Geekword on August 12, 2009

  104. [...] Anuncio  oficial. [...]

    Pingback from El Blog De Yoyo » Nueva Actualización de Seguridad WordPress 2.8.4 on August 12, 2009

  105. [...] Link [...]

    Pingback from WP 2.8.4 Update « LoLyfe.com on August 12, 2009

  106. [...] güzel olsada beraberinde bir o kadar güncelleştirme ile açıkcası biraz can sıktı.  Fakat WordPress.org çalışanları duruma her zaman anında müdehale ederek sistemin güncelleştirilmelerini biz [...]

    Pingback from WordPress 2.8.4 Güvenlik Güncellemesi. - Bilgi – İşlem, Bilişim ve Teknoloji Üzerine… on August 12, 2009

  107. [...] Daniel Hedengren WordPress 2.8.4 is out, and it is yet another security release. Matt Mullenweg describes the issue like this: Yesterday a vulnerability was discovered: a specially crafted URL could be [...]

    Pingback from Another WordPress Security Release | The Blog Herald on August 12, 2009

  108. [...] [Download WordPress 2.8.4] Also Read A WordPress 2.2.3 releaseAn Unexpected WordPress 2.8.2 Security PatchWordPress 2.6 comes with new exciting featuresWordPress 2.8 Baker ReleasedUpgrade to WordPress 2.3.2 [...]

    Pingback from WordPress 2.8.4 Security Release Available | Kabatology ~ Open Source, Linux on August 12, 2009

  109. [...] هذا الصباح صدر تحديث جديد لوردبريس (2.8.4)، لسد ثغرة أمنية تسمح للمخترقين بإعادة تعيين كلمات [...]

    Pingback from تحديث جديد وثغرة أخرى! on August 12, 2009

  110. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ Tags: exploit, password, reset, wordpressPosted in Security | No Comments [...]

    Pingback from WordPress Security Vulnerability on August 12, 2009

  111. [...] 2.8.4 e’lon qilindi. Bu versiyada juda xavfli xatolik tuzatilgan va barcha uchun yanglanish o’ta muhim [...]

    Pingback from WordPress 2.8.4 « Avaz Ibragimov on August 12, 2009

  112. [...] WordPress via Robert Wood- DDF Consulting – Florida MAS 90 Consultant Related posts you might want to review:RoboForm Password Manager $10.40 off through 4/15/09MAS 90 and MAS 200 – The Road Ahead (Notes from Insights 2009 Session)Why I use, love and adore GmailSage MAS Community continues to grow members [...]

    Pingback from WordPress password reset flaw patched in 2.8.4 | Schulz Consulting on August 12, 2009

  113. [...] di sicurezza per WordPress, è disponibile WordPress 2.8.4. Consigliato [...]

    Pingback from Disponibile WordPress 2.8.4 | Zanblog.it di Giorgio Zanetti on August 12, 2009

  114. [...] man einmal updatet kommt schon gleich das nächste Update. Naja, bisher hat noch niemand mein Admin-Passwort resettet. Auf jeden Fall läuft jetzt wieder die aktuelle WordPress-Version. August 12th, 2009 in [...]

    Pingback from Hossie’s Blog » Blog Archive » WordPress 2.8.4 on August 12, 2009

  115. [...] Matt Mullenweg: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would [...]

    Pingback from WordPress 2.8.4 released » EOJON on August 12, 2009

  116. [...] Fuente: WordPress [...]

    Pingback from WordPress 2.8.4, una actualización de seguridad | Malavida Blog on August 12, 2009

  117. [...] who can upgrade their wordpress installation, should upgrade to version 2.8.4 which fixes this [...]

    Pingback from Plugin To Protect WordPress Against Password Reset Vulnerability on August 12, 2009

  118. [...] WordPress 2.8.4: Security Release [...]

    Pingback from WordPress 2.8.4 Released at wlair.us.to on August 12, 2009

  119. [...] 2.8.4 – update recomandat Posted by: iLL in Blog, tags: Security, update, WordPress WordPress 2.8.4: Security Release: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would [...]

    Pingback from WordPress 2.8.4 – update recomandat | iLL's mentaL on August 12, 2009

  120. [...] Official Announcement Download [...]

    Pingback from WordPress – 2.8.4 « Decoding the Web on August 12, 2009

  121. [...] admins should head over to the WordPress website to download the new version as of [...]

    Pingback from WordPress Removes Bugs: WordPress 2.8.4 Security Update | Blogging Planet on August 12, 2009

  122. [...] WordPress Development, wo es auch eine Übersicher der Neuerungen einzusehen [...]

    Pingback from WordPress 2.8.4 Baker released on August 12, 2009

  123. [...] : Release Notes VN:F [1.6.0_870]please wait…Rating: 0.0/10 (0 votes cast)VN:F [1.6.0_870]Rating: 0 (from 0 votes) [...]

    Pingback from WordPress 2.8.4 Security Release • Blog Archive • OpenSource Release Feed on August 12, 2009

  124. [...] mais (lists.grok.org.uk). Atualização: A nova versão foi disponibilizada no final da [...]

    Pingback from Falha no WordPress permite reset de senha por estranhos | ECNSoft.net on August 12, 2009

  125. [...] der “Passwort-Zurücksetzen-Funktion” gibt es nun WordPress in der Version 2.8.4. Das WordPress Blog stuft den Fehler als “very annoying” ein und rät zum Update. Comments [...]

    Pingback from WordPress 2.8.4: Security Release « hep-cat.de on August 12, 2009

  126. [...] Original Post: http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from WordPress 2.8.4 Security Release | Devils Backyard on August 12, 2009

  127. [...] encuentra disponible WordPress 2.8.4, luego de que se descubriera una vulnerabilidad en el sistema de recuperación de contraseña, es [...]

    Pingback from Ya se encuentra disponible WordPress 2.8.4 | SuperUsuario on August 12, 2009

  128. [...] to the latest WordPress 2.8.4 security fix release. For details of the minor bugfix, check out the WordPress Developers Blog. This entry was written by Tony Muka, posted on August 12, 2009 at 9:11 am, filed under Hosting, [...]

    Pingback from WESCO Net Web Services » SiteControl Updated to WordPress 2.8.4 Release on August 12, 2009

  129. [...] cuenta. Esto no permite el acceso remoto, pero es muy molesto. Se ha corregido este problema y la Versión 2.8.4 de WordPress corrige todos los problemas conocidos y ya está disponible para la descarga y es altamente [...]

    Pingback from Importante actualizacion para WordPress | RetroNet on August 12, 2009

  130. [...] 2.8.4 Released By myWordPress Earlier today, WordPress 2.8.4 was [...]

    Pingback from WordPress 2.8.4 Released | myWordPress on August 12, 2009

  131. [...] WordPress 2.8.4 är släppt då ytterligare ett sårbarhet har påträffats. Detta är en sårbarhet som angripare kan använda för att kringgå säkerhetskontrollen vid återställning av lösenord genom att använda en specialanpassad URL. Resultatet blir att den första användaren som inte har en nyckel i databasen (vanligtvis användaren admin) får sitt lösenord återställt. Angriparen får inte tillgång till din installation men kan nollställa ditt lösenord om och om igen. [...]

    Pingback from WordPress 2.8.4 | WP-Support Sverige on August 12, 2009

  132. [...] WordPress 2.8.4 är släppt då ytterligare ett sårbarhet har påträffats. Detta är en sårbarhet som angripare kan använda för att kringgå säkerhetskontrollen vid återställning av lösenord genom att använda en specialanpassad URL. Resultatet blir att den första användaren som inte har en nyckel i databasen (vanligtvis användaren admin) får sitt lösenord återställt. Angriparen får inte tillgång till din installation men kan nollställa ditt lösenord om och om igen. [...]

    Pingback from WordPress | Sverige » WordPress 2.8.4 on August 12, 2009

  133. [...] WordPress 2.8.4 är släppt då ytterligare ett sårbarhet har påträffats. Detta är en sårbarhet som angripare kan använda för att kringgå säkerhetskontrollen vid återställning av lösenord genom att använda en specialanpassad URL. Resultatet blir att den första användaren som inte har en nyckel i databasen (vanligtvis användaren admin) får sitt lösenord återställt. Angriparen får inte tillgång till din installation men kan nollställa ditt lösenord om och om igen, dvs väldigt irriterande. [...]

    Pingback from WordPress 2.8.4, säkerhetsuppgradering | Eyesx on August 12, 2009

  134. Grave problema de seguridad en WordPress!…

    En el día de ayer ha detectado un grave agujero de seguridad en el control de acceso al panel de administración de WordPress.
    Este problema, permitiría a cualquier usuario resetear la clave del administrador del blog.
    En realidad el hacker no obtendría…

    Trackback from Gastón Marrero on August 12, 2009

  135. [...] we have WordPress 2.8.4, which according to Matt is a security release intended primarily to address a password reset vulnerability that allows baddies to sleaze past a [...]

    Pingback from WordPress 2.8.4 Fixes a Security Vulnerability — Javamancy on August 12, 2009

  136. [...] güzel olsada beraberinde bir o kadar güncelleştirme ile açıkcası biraz can sıktı.  Fakat WordPress.org çalışanları duruma her zaman anında müdehale ederek sistemin güncelleştirilmelerini biz [...]

    Pingback from WordPress 2.8.4 Güvenlik Güncellemesi « Bay Bedava – Netten Başlıklar on August 12, 2009

  137. [...] un bug qui peut facilement vous pourrir la vie, un hack qui permet à n’importe qui de reinitialiser le mot de passe de l’administrateur du [...]

    Pingback from Pluie d’étoiles filantes | LostInBrittany - Le blog d'Horacio Gonzalez on August 12, 2009

  138. [...] eller så gör du det manuellt genom att ladda hem senaste versionen från den svenska eller internationella (alltså engelskspråkiga) sidan. 12 augusti 2009@ 14:53 • # Sparad i Tips Taggad med [...]

    Pingback from Dags att uppgradera WordPress – igen! | Börja Blogga on August 12, 2009

  139. [...] hoy ya lanzó la versión 2.8.4 que corrige este error, te ré recomiendo que actualizes tu blog. [...]

    Pingback from WordPress 2.8.4 Actualizacion de seguridad | peroquecosa on August 12, 2009

  140. [...] WordPress › Blog » WordPress 2.8.4: Security Release A new WordPress update is available, and advised to all of you as it fixes a security breach. (tags: wordpress security update) Leave a Reply Click here to cancel reply. [...]

    Pingback from links for 2009-08-12 | Links | WereWP on August 12, 2009

  141. [...] 2.8.4 released Looks like WordPress has released 2.8.4. http://wordpress.org/development/200…urity-release/ This is a patch to fix this vulnerability found a couple of days ago detailed at: [...]

    Pingback from WordPress 2.8.4 released - WordPress Tavern Forum on August 12, 2009

  142. [...] Fuentex [...]

    Pingback from Actualiza a WordPress 2.8.4 AHORA!!! 12 Agosto 2009 - pepeherrera.com on August 12, 2009

  143. [...] admins should head over to the WordPress website to download the new version as of [...]

    Pingback from Internet and Technology News » Blog Archive » WordPress 2.8.4 Security Update on August 12, 2009

  144. [...] further access, so was more of an annoyance than anything, but if you run WP, it is suggested to update immediately. Share and [...]

    Pingback from Matthew Helmke (dot) Net » Blog Archive » Update to WP 2.8.4 on August 12, 2009

  145. [...] A esta altura ya muchos habrán visto que en el panel de administración aparece el mensaje de actualizar a la versión 2.8.4 de WordPress, ya que se ha descubierto una grave vulnerabilidad. [...]

    Pingback from Greave vulnerabilidad en WordPress, actualizen a la versión 2.8.4! | Weblog Stuff on August 12, 2009

  146. [...] Si tienes un blog WordPress autohospedado descarga ya la actualización a WordPress 2.8.4. Más información en el blog de WordPress. [...]

    Pingback from WordPress 2.8.4 « Macram on August 12, 2009

  147. [...] augustus 2009 door admin De populaire blogsoftware WordPress heeft een zeer belangrijke update uitgebracht, die een kwetsbaarheid verhelpt waardoor een aanvaller vrij eenvoudig het [...]

    Pingback from WordPress dicht vervelend wachtwoord-lek - BLOG PC Web plus - on August 12, 2009

  148. [...] | WordPress Blog | [...]

    Pingback from WordPress 2.8.4 disponible para descargar on August 12, 2009

  149. [...] wieder ein Update – 2.8.4 von WordPress. Da es sich um ein Sicherheitsupdate handelt, ist es wohl angezeigt, [...]

    Pingback from Sicherheitsupdate | blogIK on August 12, 2009

  150. [...] de seguridad. Problemas con la recuperación de contraseña; un problema muy serio, asi que lo mejor es actualizar lo más pronto posible. WordPress [...]

    Pingback from WordPress 2.8.4 Disponible - Willy Andres on August 12, 2009

  151. [...] וורדפרס: "בשל המצב הבטחוני הקשה, הוצאנו גרסא 2.8.4" [...]

    Pingback from אסכולת הכורסא » הפאנל בבינתחומי והכיסוי בעיתונות on August 12, 2009

  152. [...] alert on the Full Disclosure mailing list detailed the vulnerability, and WordPress quickly rolled out version 2.8.4 to address the [...]

    Pingback from WordPress Exploit Allows Admin Password Reset – The Next Web on August 12, 2009

  153. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Williams Orellana (worellana) 's status on Wednesday, 12-Aug-09 15:39:19 UTC - Identi.ca on August 12, 2009

  154. [...] WordPress 2.8.4 發佈,這次安全性的修正是關於管理者密碼可能被重設,建議大家利用時間盡快更新。 [...]

    Pingback from WordPress 2.8.4緊急升級 « 活在當下 on August 12, 2009

  155. [...] there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.WordPress team has announced WordPress 2.8.4. This release happens to be a security release. This release among other issues addresses a [...]

    Pingback from WordPress releases WordPress 2.8.4 | Etiole on August 12, 2009

  156. [...] WordPress.Org Share and [...]

    Pingback from Upgrade: WordPress versi 2.8.4 security release telah siap | SSN Web Tutorial WordPress and Blogger, Technology News on August 12, 2009

  157. [...] have released 2.8.4 to address a security issue. Seems like hackers could have caused a lot of problems with this. [...]

    Pingback from WordPress 2.8.4 Released – Blog Themes Club on August 12, 2009

  158. [...] latest security update for WordPress helps explain, I think, how my blog got hacked last [...]

    Pingback from clayboy » The hacking of clayboy: a useful tip for fellow WP users on August 12, 2009

  159. [...] 8/12/2009 – WordPress.org has released WordPress 2.8.4.  I think that patch only adds the modification above, but it might include other patches too. [...]

    Pingback from Temporary fix for unauthorized WordPress password reset | Technology for Mortals on August 12, 2009

  160. [...] WordPress MU release is 2.8.4, a security release that fixes an annoying bug that allowed any user to change the admin password. Your password was [...]

    Pingback from WordPress MU 2.8.4 | Seo Webmaster on August 12, 2009

  161. [...] hay parche oficial hasta el momento, Si lo hay . Se ha corregido la vulnerabilidad en la versión de desarrollo, por lo que se les aconseja [...]

    Pingback from Nueva vulnerabilidad en WordPress 2.8.3 on August 12, 2009

  162. [...] WordPress No comments [...]

    Pingback from Michel Samovojski » WordPress 2.8.4: Security Release on August 12, 2009

  163. [...] También hubo intentos de obtener contraseñas en usuarios de WordPress por medio de brute force, posiblemente relacionado con una vulnerabilidad encontrada ayer mismo. [...]

    Pingback from Hipertextual on August 12, 2009

  164. WordPress 2.8.4 – Actualização de segurança…

    Para quem utiliza o WordPress, saiu uma nova actualização de segurança que corrige um bug encontrado na versão anterior que permitia o reset da password do admin.
    O exploit divulgado no site milw0rm mostrava como facilmente qualquer pessoa poderia ger…

    Trackback from WebTuga on August 12, 2009

  165. [...] d’actualitzar la vostra instal·lació. Segons informa Xavier Caballé es tracta d’una actualització de seguretat, que soluciona una vulnerabilitat a través de la qual es podia canviar la contrasenya de [...]

    Pingback from Elliot.cat on August 12, 2009

  166. [...] WordPress security update Share and Enjoy: [...]

    Pingback from WordPress Exploit – Admin reset exploit | IT Security Gurus on August 12, 2009

  167. [...] so, WordPress sent out a notification that a serious security issue had been discovered(2.84 Security Release) and they were updating to ensure WordPress users were protected. The only issue is, the feature in [...]

    Pingback from Life Is Risky » Blog Archive » Auto Upgrade is great, when the button works on August 12, 2009

  168. [...] tekst jest tłumaczeniem tego wpisu, który Matt Mullenweg umieścił dzisiaj na blogu wordpress.org: Wczoraj w WordPressie odkryta [...]

    Pingback from WordPress | Polska » WordPress 2.8.4: aktualizacja zabezpieczeń on August 12, 2009

  169. [...] wurde WordPress 2.8.4 veröffentlicht. Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt gewordene [...]

    Pingback from Bücherwurms Blog-Welt » [WordPress] Update 2.8.4 de_DE on August 12, 2009

  170. [...] official wordpress developers blog: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would [...]

    Pingback from WordPress 2.8.4 | menardconnect.com on August 12, 2009

  171. [...] another quick upgrade to WordPress 2.8.4 due to a vulnerability in the previous [...]

    Pingback from A Concurrent Affair » Blog Archive » Auto-Upgrade to WordPress 2.8.4 on August 12, 2009

  172. [...] bir hafta içerisinde tespit edilmiş birkaç ufak hata da WordPress 2.8.4‘de kapatılmış. WordPress.org/2-8-4-security-release linkinden resmi açıklamaya da [...]

    Pingback from WordPress 2.8.4 Çıktı! Şifre Sıfırlama İşleminde Güvenlik Açığı - Kodla Beni on August 12, 2009

  173. [...] Leia sobre o update do wordpress no seguinte link [...]

    Pingback from Problema de Segurança no seu WordPress - Blog do MeuPodcast on August 12, 2009

  174. [...] sods law that when I download some software (wordpress this time) the day after there is always a security update. Which involves re-doing something I spent a while [...]

    Pingback from Software Updates – It’s never my day | PHP and MySQL Development on August 12, 2009

  175. [...] Update: WordPress reacted fast and published the security update 2.8.4 which eliminated the vulnerability. Please upgrade now. Read the official WordPress post here. [...]

    Pingback from WordPress: Nasty Vulnerability lets Hacker Delete Admin Password! | MXM-Studios on August 12, 2009

  176. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Isaac Wedin (aizek) 's status on Wednesday, 12-Aug-09 19:11:41 UTC - Identi.ca on August 12, 2009

  177. [...] Security Release beseitigt einen Fehler der es ermöglicht das Administrator Passwort ohne Bestätigung [...]

    Pingback from WordPress 2.8.4: Security Release - Heimpold.net on August 12, 2009

  178. [...] WordPress 2.8.4, actualización urgente de seguridad Versión para Imprimir 12 Agosto, 2009 · Archivado en WordPress  Despues de unas horas de conocer la horrible vulnerabilidad de WordPress 2.8, llega la actualización de seguridad. [...]

    Pingback from WordPress 2.8.4, actualización urgente de seguridad | Microutopia - El blog personal de Marcelo Lynch (ahora con un título más corto) - 0% Grasas Trans! on August 12, 2009

  179. [...] equipo de WordPress no se ha demorado y liberaron la versión 2.8.4 corriguiendo este problema que afecta al a rama 2.8.x, y posiblemente a las anteriores [...]

    Pingback from FusionGT V2.0 » Blog Archive » WordPress 2.8.4, actualización de seguridad on August 12, 2009

  180. [...] to WordPress 2.8.4 today because of a security issue. You should [...]

    Pingback from Hello! My name is… Imelda Bettinger » Archive » Comments on August 12, 2009

  181. [...] [Via : WordPress 2.8.4: Security Release.] [...]

    Pingback from How to update WordPress 2.8.x the easy way — KnowIT on August 12, 2009

  182. [...] version 2.8.4 was released. WordPress admins should head over to the WordPress website to download the new version as of now. Tags: security, wordpress Categories: security Posted By: Enni [...]

    Pingback from WordPress version 2.8.3 bug resets admin password | Cross Marketing Power Blog on August 12, 2009

  183. [...] Delade WordPress 2.8.4: Security Release [...]

    Pingback from Dagbok för 12 August 2009 | En sur karamell on August 12, 2009

  184. [...] es noch nicht gelesen haben sollte: WordPress 2.8.4 ist erschienen. Das Update schließt eine Lücke, durch die das Passwort vom Admin neu angefordert werden kann. [...]

    Pingback from Sicherheitsupdate für WordPress | anrichter on August 12, 2009

  185. [...] selang waktu 10 hari, eh WordPress lagi-lagi merilis versi terbarunya WordPress 2.8.4. Kali ini masalah perbaikan reset password via email di WordPress. Sebar Postingan [...]

    Pingback from Worpress 2.8.4 dirilis (security lagi) – Ngobrol Blog Yuk on August 12, 2009

  186. [...] by admin on Aug.12, 2009, under Uncategorized Just a quick note. If you are, like me, using WordPress for your blog then you should update it to version 2.8.4 asap. Read more here. [...]

    Pingback from Update your WordPress! - Peter’s Blog on August 12, 2009

  187. [...] 2.8.4: Security Release [...]

    Pingback from WP 2.8.4: Security Release | dunes.de on August 12, 2009

  188. [...] Nota oficial Escrit per Pau el 12-08-09 Xarxes i seguretat (No Ratings Yet)  Loading … [...]

    Pingback from Avís important: actualitzeu el WordPress | SomGNU on August 12, 2009

  189. [...] del primer usuario que aparece en la base de datos, el cual suele ser “admin”. Aquí tenéis el anuncio oficial de WordPress, en el que se recomienda encarecidamente la actualización [...]

    Pingback from CyberHades » Blog Archive » Agujero de Seguridad en WordPress on August 12, 2009

  190. [...] όσοι επισκεφτήκατε το dashboard της εγκατάστασης σας, νέα κυκλοφορία με σειρά αρίθμησης 2.8.4 κυκλοφόρησε χθες για το WordPress [...]

    Pingback from Security Release WordPress 2.8.4 | zero.gr on August 12, 2009

  191. [...] on Twitter had a problem updating her WordPress installation to 2.8.4. You know, there is a security update (yes, I know… the 4th one in almost as many weeks since 2.8 was [...]

    Pingback from Failed WordPress Updates | WPChick on August 12, 2009

  192. [...] Today was released WordPress 2.8.4 A quick fix to a vulnerability problem. Kudos to the team for being so quick in fixing problems. Read more here [...]

    Pingback from Viva Themes | Professional premium wordpress themes. » Blog Archive » WordPress 2.8.4 security release on August 12, 2009

  193. [...] security vulnerability was discovered in WordPress 2.8.3 recently. If you look at the flaw in question, I can’t [...]

    Pingback from Space Babies » Blog Archive » PHP massive security FAIL on August 12, 2009

  194. [...] read more visit WordPress.org Press Release [...]

    Pingback from Got Problems With WordPress Admin Password Reset? on August 12, 2009

  195. [...] reestablecido la contraseña. Obviamente algo qye yo no necesite por lo que inmediatamente fui a http://www.wordpress.org y me encontre con una actualizacón de seguridad que hacia referencia justo a [...]

    Pingback from Nueva actualización de WordPress a 2.8.4 | Pablo Glanz on August 12, 2009

  196. [...] Actualizar a WordPress 2.8.4 (descarga). [...]

    Pingback from Actualizar WordPress a 2.8.4 on August 12, 2009

  197. [...] hagan ataques de negación de servicio (DoS) contra el sitio. La gente de WordPress lanzó ya una nueva versión (2.8.4) corrigiendo el problema, así que a actualizar nuestros sitios de inmediato. Comparte este post [...]

    Pingback from Vulnerabilidad en WordPress 2.8 | yorch @ web [in] on August 12, 2009

  198. [...] ver con las contraseñas que se utilizan en el panel de administración. Por eso te recomiendo que actualizes a WordPress 2.8.4 (descarga). Suscríbete a nuestro Feed RSS | Etiquetas: actualizacion wordpress [...]

    Pingback from Actualización de seguridad a WordPress, nueva versión 2.8.4 on August 12, 2009

  199. [...] versi 2.8.3). Ada beberapa perbaikkan untuk versi terbaru ini, selengkapnya dapat kita baca di sini. Ayo segera upgrade WordPress kita. Semoga bermanfaat atas postingan yang saya publish [...]

    Pingback from WordPress 2.8.4 : Security Release | McDin.Net on August 12, 2009

  200. [...] More security-related items were fixed: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. [...]

    Pingback from ten billion butterfly sneezes » Obligatory Post-Update Post on August 12, 2009

  201. [...] הודעת השחרור הרשמית של WordPress 2.8.4 [...]

    Pingback from WordPress | וורדפרס בעברית » וורדפרס 2.8.4 בעברית on August 12, 2009

  202. [...] For those of you running WordPress on your sites, you should see a prompt to install the latest Security Release. You need to update ASAP to remedy a security vulnerability that can allow your password to be [...]

    Pingback from WordPress 2.8.4 UPDATE NOW! | NewsTechZilla on August 12, 2009

  203. [...] said on WordPress Blog: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would [...]

    Pingback from WordPress 2.8.4 - A Crucial Security Release on August 12, 2009

  204. [...] tradução do post do Matt feita por mim e pelo meu guru Frei [...]

    Pingback from WordPress | Brasil » WordPress 2.8.4 pt_BR : atualização de segurança on August 13, 2009

  205. [...] tradução do post do Matt feita por mim e pelo meu guru Frei [...]

    Pingback from WordPress 2.8.4 pt_BR : atualização de segurança » Comunidade WordPress-BR on August 13, 2009

  206. [...] to WordPress 2.8.4 Security Release on [...]

    Pingback from WordPress 2.8.4 Security Release Upgrade & Plugin Upgrade Errors on August 13, 2009

  207. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Install latest WordPress 2.8.4 to prevent annoying admin password reset « Be your own BOSS @ WordPress on August 13, 2009

  208. [...] Click for more information from WordPress on the WordPress 2.8.4 Security release. [...]

    Pingback from WordPress Upgrade to 2.8.4 on August 13, 2009

  209. [...] WordPress « Putrajaya Flower & Garden Festival [...]

    Pingback from WordPress 2.8.4 | WING LOON on August 13, 2009

  210. [...] WordPress 2.8.4: Security Release [...]

    Pingback from 終於回復正常 - 929 on August 13, 2009

  211. [...] Version 2.8.3 was released early last week, and today 2.8.4 has been announced. Once again, it is termed a security release. According to Matt, if you are still using 2.8.3 a specially crafted URL could be requested that [...]

    Pingback from Yet Another WordPress Upgrade - 2.8.4 | CompuSutra on August 13, 2009

  212. [...] 这次的WordPress 2.8.4: Security Release 版本就是个很好的例子,Admin的密码能够被强制重置对一个博主的冲击非常巨大,尤其是利用博客做了很多关于个人推广,产品,科研等信息发布等的就更是损失惨重了,希望能够通过的安全漏洞的分级,然后在WordPress里根据分级建立一定的预警机制和强制升级机制,让用户在使用的时候能够最低限度的知道如果不升级会有什么后果,或者强制用户必须对某些能够造成严重损失的漏洞进行升级才能够正常地使用博客等方式。 [...]

    Pingback from 关于WordPress的Critial Security Patch的建议 | 微言解语 on August 13, 2009

  213. [...] contra respuesta el equipo de WordPress ha liberado la versión 2.8.4 que corrige de forma total y definitiva la vulnerabilidad antes mencionada. Por lo cual es [...]

    Pingback from Actualización critica a WordPress 2.8.4 | CMSTECNO on August 13, 2009

  214. [...] WordPress 2.8.4: Security Release Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. [...]

    Pingback from Tech News From the Web - August 13, 2009 | Tech Wishlist on August 13, 2009

  215. [...] Quelle [...]

    Pingback from bash, sql, wordpress and fun » upgrade auf wordpress – version 2.8.4 on August 13, 2009

  216. [...] (via wordpress) [...]

    Pingback from WordPress 2.8.4 Security Update released to fix admin password reset exploit issue | www.HWDOT.com on August 13, 2009

  217. [...] yang menarik saat pihak WordPress mengumumkan peluncuran versi yang sekarang, yakni turunnya petinggi WordPress, Matt Mullenweg secara langsung mengumumkan perbaikan di versi [...]

    Pingback from WordPress Versi 2.8.4 telah dirilis | RISOFTE on August 13, 2009

  218. [...] WordPress versi 2.8.4 telah menambal celah keamanan tersebut. Oleh karena itu sangat dianjurkan bagi setiap pengguna WordPress untuk mengupgrade versi wordpress mereka ke versi terbaru ini (2.8.4). [...]

    Pingback from Alasan Kita Harus Segera Mengupgrade Ke Versi 2.8.4 | RISOFTE on August 13, 2009

  219. [...] If you are reading this, that means that Jeremy-Gilby-dot-com, successfully updated to the latest 0.0.x release, WordPress 2.8.4. [...]

    Pingback from Jeremy-Gilby-dot-com » WordPress 2.8.4 on August 13, 2009

  220. [...] ini. Pengembangannya pun sangat up to date, saat ini wordpress telah merilis versi terbarunya yaitu WordPress 2.8.4 Security Release yang memiliki kelebihan pada tingkat keamanan data. Pada bulan Agustus ini wordpress terbaru yang [...]

    Pingback from 10 Plugin WordPress Terbaru - arifindomedia.com on August 13, 2009

  221. [...] 昨天,WordPress发布了新的2.8.4。该版本是一个仅仅修复了一个密码取回的漏洞,下面的内容摘自WordPress官方blog [...]

    Pingback from WordPress 2.8.4 简体中文版发布 | WordPress 中文团队 on August 13, 2009

  222. [...] Click to SOURCE and DOWNLOAD [...]

    Pingback from Security Release Of WordPress 2.8.4 ! « My Blog on August 13, 2009

  223. [...] it is again time to upgrade your blog or site to WordPress 2.8.4. The new WordPress 2.8.4 version is a security release. It is highly recommended that you upgrade [...]

    Pingback from BLOG » Upgraded to WordPress 2.8.4, Reset Password Vulnerability » Sofie Estolloso Hofmann Designs International - Weggis, Switzerland on August 13, 2009

  224. [...] 2.8.4, scaricando il pacchetto dal sito italiano, poichè la versione 2.8.3 era affetta da un bug Ovviamente prima di aggiornare, ho fatto il backup dei file e del database, (questa è una regola [...]

    Pingback from Aggiornamento WordPress 2.8.4 « Il blog di totò on August 13, 2009

  225. [...] Pueden descargar la versión de WordPress 2.8.4 desde wordpress.org [...]

    Pingback from WordPress 2.8.4 Actualización de seguridad on August 13, 2009

  226. [...] 20090812: Now that a security update is available, users are advised to update to WordPress [...]

    Pingback from WordPress 2.8.3: Quick-fix for admin lock-out security problem | numlock.ch - a changelog by Daniel Mettler on August 13, 2009

  227. [...] WordPress security update [...]

    Pingback from Tech Edition | pacificpelican.us/podcast on August 13, 2009

  228. [...] The WordPress installation has been updated to the latest version 2.8.4. Release notes on that update are available here [...]

    Pingback from WordPress 2.8.4 « Spenced.com on August 13, 2009

  229. [...] WordPress Share and Enjoy: [...]

    Pingback from WordPress 2.8.4 released - Arthur Tooy on August 13, 2009

  230. [...] wurde WordPress 2.8.4 veröffentlicht. Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt [...]

    Pingback from WordPress 2.8.4 DE-Edition und Upgradepaket veröffentlicht on August 13, 2009

  231. [...] tespit edilmiş birkaç ufak hata da WordPress 2.8.4‘de kapatılmış. WordPress.org/2-8-4-security-release linkinden resmi açıklamaya da [...]

    Pingback from www.html-kod.com|wordpress guvenlik acigi kapatildi,2.8.3 guvenlik acigini kapat,wordpress 2.8.4 surumu indir | on August 13, 2009

  232. [...] another vertical search engine, just what the world needs (unfortunately WordPress 2.8.4 doesn’t support sarcastic font). But seriously, Able Grape is worth a look, even if, like me, [...]

    Pingback from An Able Grape at the Helm of Twitter Search | The Noisy Channel on August 13, 2009

  233. [...] 修正内容を見ると何かヤバげなので、一応パッケージを作成してサービスに登録した。データベースイメージの更新は保留で、新規導入時に更新要求がでるがまあ問題ないだろう。 [...]

    Pingback from 私のブログサイト - WordPress セキュリティ更新リリース on August 13, 2009

  234. [...] que no peligran las versiones anteriores-, así que en Automatic se han puesto a trabajar para sacar de forma inmediata un parche para el [...]

    Pingback from WordPress 2.8.4: actualización crítica | Incognitosis on August 13, 2009

  235. [...] Via | WordPress Blog [...]

    Pingback from Actualicen a WordPress 2.8.4 | Geek Zeitung on August 13, 2009

  236. [...] now on 2.8.4 – [...]

    Pingback from gaarf.info » Blog Archive » Upgraded to WordPress 2.8.4 on August 13, 2009

  237. [...] URL: <http://wordpress.org/development/2009/08/2-8-4-security-release/&gt; [...]

    Pingback from News » WordPress 2.8.4,1 Upgrade » Gossamer Web Design on August 13, 2009

  238. [...] Meer informatie over dit onderwerp kunt u hier lezen. (english) http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Lutjebroeker.nl » WordPress Upgrade 2.8.4 on August 13, 2009

  239. [...] the upgrade to 2.8.4 (very important) failed for me, due to the following error: Fatal error: Allowed memory size of 33554432 bytes [...]

    Pingback from Error upgrading WordPress 2.8.4 | J Puddy.net on August 13, 2009

  240. [...] WordPress 2.8.4: Security Release Posted August 12, 2009 by Matt. Filed under Releases, Security. [...]

    Pingback from Earthman » Blog Archive » WordPress 2.8.4: Security Release on August 13, 2009

  241. [...] gisteren 2.8.4. Security. Hop, weer updaten. Dit artikel werd gepost op donderdag 13 augustus 2009 om 22:32 uur, [...]

    Pingback from 2.8.4, another update » … with a smile! on August 13, 2009

  242. [...] email a la cuenta del propietario. Esto no permite el acceso remoto, pero es muy molesto.” (wordpress.org [...]

    Pingback from WordPress 2.8.4 (actualización de seguridad) - VitaminaWEB.com on August 13, 2009

  243. [...] A nova versão foi disponibilizada no final da [...]

    Pingback from Falha no WordPress permite que a senha do administrador seja “resetada” por estranhos | 0fx66 on August 13, 2009

  244. [...] View the official posting on the WordPress Development Blog. [...]

    Pingback from JungleJar | WordPress 2.8.4 Security Release on August 14, 2009

  245. [...] Jika anda pengguna WordPress versi 2.8.3 kebawah, ada celah keamanan yang cukup berbahaya yang sebaiknya anda tutup dengan melakukan upgrade WordPress ke versi 2.8.4. Celah keamanan itu dalam bentuk peluang melakukan remote admin reset password. Hacker dapat melakukan upaya reset password admin tanpa harus melakukan proses login. Penjelasan lengkap mengenai masalah ini dapat dibaca disini dan disini. [...]

    Pingback from Urgent, Upgrade ke WordPress Versi 2.84 | Blog Vavai on August 14, 2009

  246. [...] news – the security issue is in the class of ‘annoying’ rather than serious; the possibility is there to reset [...]

    Pingback from WP 2.8.4… - Make Money With WordPress Blogs AND ActiveBlogging! on August 14, 2009

  247. [...] 這次更新是關於管理者密碼可能被重設,如果是從 WordPress 2.8.3 升級到 2.8.4 的話,直接參考 Changes from tags/2.8.3 at r11806 to tags/2.8.4 at r11806 就可以了。 [...]

    Pingback from wordpress 更新到 2.8.4 » 投筆從農 on August 14, 2009

  248. [...] who can upgrade their wordpress installation, should upgrade to version 2.8.4 which fixes this [...]

    Pingback from How To Protect WordPress 2.8 Against Password Reset Vulnerability using Plugins | KnowBest.info on August 14, 2009

  249. [...] Due to a vulnerability discovered in WordPress 2.8.3, the WordPress development team have released a security update to version 2.8.4.  The vulnerability allowed a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. It is recommended that you update to WordPress version 2.8.4. [...]

    Pingback from WordPress Version 2.8.4 Security Release on August 14, 2009

  250. [...] ou poderá descarregar o pacote completo e actualizar manualmente. Mais informações no comunicado oficial no WordPress.org. Se gostou deste post então por favor subscreva ao RSS feed do Open Mania. [...]

    Pingback from WordPress 2.8.4 | Open Mania on August 14, 2009

  251. [...] esta disponible una nueva actualizacion de WordPress, la 2.8.4, que corrige una serie de problemas de [...]

    Pingback from Ciberhormiga » Blog Archive » Actualizacion WordPress 2.8.4 on August 14, 2009

  252. [...] Source [...]

    Pingback from Vulnerable InforMation And IT News » Blog Archive » WordPress 2.8.4: Security Release - vulnerable security xss sql injection exploit bugs 0day zero-day paper news code on August 14, 2009

  253. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Portcullis » Patch Your Blogs Folks on August 14, 2009

  254. [...] upgraded the blog to WordPress 2.8.4 which according to wordpress.org is a security release fix a vulnerability that was discovered on Aug 11 Share and [...]

    Pingback from WordPress 2.8.4: Security Release | okubax.co.uk on August 14, 2009

  255. [...] WordPress only released version 2.8.4 on Wednesday, but the message remains: ALWAYS UPGRADE YOUR VERSION OF WORDPRESS [...]

    Pingback from Laura Roberts, ButtonTapper » Blog Archive » haXXored! on August 14, 2009

  256. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from GKauten » WordPress 2.8.4 Released! on August 14, 2009

  257. [...] newsa na WordPress.org. Share and [...]

    Pingback from WordPress 2.8.4 – poprawka bezpieczeństwa | /dev/exine on August 15, 2009

  258. [...] Update: Ondertussen is WordPress 2.8.4 uit, waarin de bug ook werd gepatcht. Installeer zo snel mogelijk deze nieuwste versie. [...]

    Pingback from PriorWeb Blog » Archief » Kritische bug in alle WordPress-installaties on August 15, 2009

  259. [...] ukazała się kolejna poprawka dla bezpieczeństwa WordPress w wersji 2.8.4. O dziwo nie zainteresowałbym się tym, gdyby nie wczorajszy mail, który otrzymałem ze swojego [...]

    Pingback from WordPress 2.8.4: Security Release - SEO Blog - PiotrZukowski.com on August 15, 2009

  260. [...] on to update to WordPress 2.8.4 – which needs to be done manually because of security settings on the aforementioned [...]

    Pingback from Blogvaria » Apache halts and freezes on August 15, 2009

  261. [...] nu använder vi WordPress version 2.8.4 men vilken version kommer vi att använda innan klockan slår över till 2010? Min gissning är, [...]

    Pingback from Vilken version kommer WordPress ha vid årsskiftet? | wpxl on August 15, 2009

  262. [...] genaue Beschreibung könnt ihr hier [...]

    Pingback from WordPress 2.8.4 Update - Seesle’s Blog on August 15, 2009

  263. [...] rien n’a bougé, mais subsistaient beaucoup de questions, jusqu’à ce que la version 2.8.4 y réponde. Au départ, n’ayant rien trouvé dans WordPress, j’ai continuer mes [...]

    Pingback from WordPress: alerte de sécurité | Emmanuel GEORJON on August 15, 2009

  264. [...] it out on the WordPress.org Blog if you need more details about the [...]

    Pingback from WordPress 2.8.4 Released: Security Update | Download E-Books Free Video Training Courses Softwares on August 15, 2009

  265. [...] se han demorado (bueno, un poco, el primer parche para el fallo lo crearon los propios usuarios) y han liberado la versión 2.8.4 que corrige el problema. Así que lo dicho, si tienes un WordPress y aún no has actualizado ya [...]

    Pingback from Subserraneo » Blog Archive » Bloggers, ya estáis tardando en actualizar a WordPress 2.8.4 on August 16, 2009

  266. [...] request to the Administrator. More and the download link (or upgrade from the Dashboard) at the WordPress Blog. 2.9 is getting closer. AKPC_IDS += "4513,";Popularity: unranked [?] Written by: Sanjo-chan [...]

    Pingback from WordPress 2.8.4 (and a few theme glitches) on August 16, 2009

  267. [...] For more : Visit WordPress Blog [...]

    Pingback from WordPress updated 2.8.4 | Rockstar template on August 16, 2009

  268. [...] Bagi mereka yang menggunakan WordPress sebagai platform blog , WordPress telah melancarkan version yang terbaru iaitu 2.8.4.Version 2.8.4 dilancarkan pada 12 Ogos 2009.Sila upgrade blog anda bagi menjamin keselamatan blog/data.Maklumat lanjut sila ke WordPress. [...]

    Pingback from WordPress Version 2.8.4 Dilancarkan | BuletinPC on August 16, 2009

  269. [...] this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended… wordpress security vulnerability wordpress update blog blog update :blog, blog update, security, [...]

    Pingback from New WordPress update! Security Vulnerability 2.8.4 - Kevin Hatfield’s Blog on August 16, 2009

  270. [...] the full article here. addthis_url = [...]

    Pingback from WordPress 2.8.4 | Simon & Jun life journey on August 16, 2009

  271. [...] week, the WordPress team fixed a pretty nasty bug and released version 2.8.4 of their blogging engine.  Prior to that, version 2.8.3 fixed a security bug in version 2.8.2 [...]

    Pingback from The Problem with Plugins | Software Testing Blog on August 17, 2009

  272. [...] WordPress 2.8.4 has been released to patch a security vulnerability that was recently discovered. This vulnerability being that a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. While more a pain than a real security threat it is advisable to update your WordPress install. More information can be found here. [...]

    Pingback from WordPress 2.8.4 Security Release | WordPress Land on August 17, 2009

  273. [...] : WordPress 2.8.4: Security Release Tags : Security Release, WordPress, WordPress 2.8.4 Leave a response | Entries RSS feed | [...]

    Pingback from WordPress 2.8.4: Security Release » WP Addict [dot] Info on August 17, 2009

  274. [...] Upgrade WordPress! [...]

    Pingback from Getting back up to speed with Episode 359 | The CaffiNation Podcast on August 17, 2009

  275. [...] 2.8.3,前幾天WordPress官方網站又緊急公佈最新版本 WordPress 2.8.4。因為是程式安全問題上的緊急發布(Security [...]

    Pingback from [更新] 升級網站的WordPress 版本 « Andy on August 17, 2009

  276. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from WordPress 2.8.4: Security Release - Sociale Media on August 17, 2009

  277. [...] 2.8.4 release this weekend was due to a newly discovered hole in WordPress. In fact, the whole (which [...]

    Pingback from What’s Wrong with WordPress? :: Christopher Ross on August 17, 2009

  278. [...] WordPress › Blog » WordPress 2.8.4: Security Release. Categories: Techfun – Tags: security, [...]

    Pingback from WordPress 2.8.4: Security Release | Techfun on August 18, 2009

  279. [...] up some code some time or another, minor releases are most CMS’s way to doing this. Ready? WordPress 2.8.4 is a security release, CMS Made Simple 1.6.4 “Moindou” fixes some minor bugs. And [...]

    Pingback from Minor Releases :: CMS Design Resource on August 18, 2009

  280. [...] I have finally upgraded to WordPress 2.8.4, 6 days after its release. Due to my inability to upgrade automatically, I ended up skipping [...]

    Pingback from WordPress 2.8.4, Yet Another New Web Host at wlair.us.to on August 18, 2009

  281. [...] Friday (August 14, 2009) Black Heart was struck down by hackers exploiting a known WordPress security loophole. Our site was hacked, and we’ve spent almost a week getting it back up and running. We have [...]

    Pingback from BLACK HEART HACKED; BACK FROM THE DEAD! :: Black Heart Magazine on August 19, 2009

  282. [...] time on the issue. For instance, WordPress released an update to their blogging platform last week. The 2.8.4 version fixes a vulnerability where a hacker could get access to the admin dashboard of a wordpress blog. If you haven’t [...]

    Pingback from iWeb Blog » Securing WordPress against hackers and bots on August 19, 2009

  283. [...] problème. Par exemple, WordPress a publié une mise à jour de leur plateforme la semaine passée. La version 2.8.4 règle une vulnérabilité où un pirate pourrait avoir accès à l’interface d’administration d’un blogue [...]

    Pingback from iWeb Blog » Sécuriser WordPress contre les pirates et les scripts on August 19, 2009

  284. [...] WordPress.org Compartir [...]

    Pingback from WordPress 2.8.4 — Eddy Ramos blog on August 19, 2009

  285. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from Word Press Update 2.8.4 released Aug. 12th 2009 on August 20, 2009

  286. [...] urmare faceţi update la noua versiune,acum! Dacă vă mai doriţi blog… Articol Oficial Uncategorized0 Commentswordpress 2.8.4, wordpress.org.bug 0 Comment Comments [...]

    Pingback from Paul Blog :: Just another WordPress weblog » Blog Archive » Faceţi update la WordPress 2.8.4 acum!! on August 20, 2009

  287. [...] the official page for this release at [...]

    Pingback from Upgrade to WordPress 2.8.4 - An Important Security Release | WP-Blogger on August 20, 2009

  288. [...] 2.7 branch was pretty stable, and didnt need many bugfixes. WordPress 2.8 on the other side, is already at 2.8.4 in just some weeks time and will at least be be 2.8.5 before 2.9 comes. This is bad for reputation, [...]

    Pingback from WordPress Beta Test plugin. « Johnmyr's Blog on August 20, 2009

  289. [...] habt ihr von der Sicherheitslücke in WordPress Blog’s [...]

    Pingback from WordPress und SMF Update « tixxle » blog on August 20, 2009

  290. [...] Update verlief heute ohne weitere Probleme. So sollte es immer laufen. Wen es interessiert, kann im Security-Log von WordPress nachlesen was geändert worden ist! (No Ratings Yet)  Loading [...]

    Pingback from Adrian Sauer » WordPress 2.8.4 Upgrade » Von Adrian Sauer » Security-Log, interessiert, Revisionsnummer, Normalweise on August 20, 2009

  291. [...] En esta perspectiva, WordPress ha publicado una actualización de su plataforma la semana pasada.  La versión 2.8.4 corrige la vulnerabilidad en caso que un pirata logre acceder a la interfaz de administración de un blog WordPress.  Si [...]

    Pingback from iWeb Blog » Proteger WordPress de los piratas y de los scripts on August 20, 2009

  292. [...] this article: WordPress › Blog » WordPress 2.8.4: Security Release Share and [...]

    Pingback from WordPress › Blog » WordPress 2.8.4: Security Release | Hack In The Box on August 20, 2009

  293. [...] After some weeks tweaking various versions of PHP and MySQL I finally found a tutorial that worked over on the IIS Admin Blog. The tutorial leads you through both the installation of PHP 5 and MySQL 5 and then through the WordPress installation that will work even with 2.8.4. [...]

    Pingback from Installing WordPress, PHP and MySQL on Windows 2003 with IIS | Matthew Hodgson on August 21, 2009

  294. [...] more about the latest WordPress security fix 2.8.4 at the official Automattic [...]

    Pingback from Blogging Fool » Blog Archive » WordPress Encourages Update to Security Patch 2.8.4 on August 23, 2009

  295. [...] Read the latest Security press release from Word Press here [...]

    Pingback from Bharath » Blog Archive » WordPress 2.8.3 Admin Password Reset Exploit on August 24, 2009

  296. [...] You can read more about the release on the WordPress Blog. [...]

    Pingback from Our Community — Blog — Hosting Connection Update: WordPress 2.8.4: Security Release on August 24, 2009

  297. [...] 2.8.4 Security Release Aug.24, 2009 in WordPress As predicted, WordPress 2.8.4 has been released. No surprise here, after news about the admin password reset “exploit” issue [...]

    Pingback from WordPress 2.8.4 Security Release on August 24, 2009

  298. [...] la petite frayeur liée à la faille de WordPress 2.8.3, je me suis décidé à travailler sur la sécurité de mon blog. J’ai effectué quelques [...]

    Pingback from 15 règles pour sécuriser WordPress | Emmanuel GEORJON on August 25, 2009

  299. [...]  どうやら、WordPress2.8.3に脆弱性が見つかったようです。WordPressは自分のブログでも使用しているオープンソースブログ作成ソフトなのですが、SANSの報告より、この脆弱性を利用するとリモートのユーザーが管理用のパスワードをリセットできてしまうようです。脆弱性を解決するパッチは現在開発中のようで、英語版WordPress2.8.4は昨日リリースされました。日本語版は現在開発中とのことです。詳細は続きから以下は、2009年8月12日に書かれた WordPress.org 公式ブログの記事、「WordPress 2.8.4: Security Release」を訳したものです。WordPress2.8.3の脆弱性の詳細昨日、WordPress2.83に脆弱性が見つかりました: 脆弱性の内容は特別に作成された URL がリクエストされると、ユーザーがリクエストしたパスワードのリセットを確認するためのセキュリティチェックを攻撃者が回避できる可能性があります。その結果、データベースにキーを持たない最初のアカウント (通常は管理者アカウント) のパスワードがリセットされ、新しいパスワードがそのアカウントのメールアドレスに送られます。これによってリモートアクセスが可能になるわけではありませんが、かなり不愉快な思いをするでしょう。私たちは昨晩この問題を修正し、この修正をテストして他に問題がないか確認しました。既知の問題をすべて修正したバージョン2.8.4(英語版)はすでにダウンロードできるようになっていて、すべての WordPress ユーザーにアップグレードを強くおすすめします。今回の脆弱性事態は急を要するわけではありませんので、数日の内にWordPress2.84の日本語版が開発されるとのことですので、少しの間待たせていただきましょう。それにしても、先週のWordPress2.8.3に続き、脆弱性が見つかりましたか・・・少しペースが速いような気がしますが、ユーザーとしては、いち早くこういった脆弱性に気づいて修正してもらえるというのはありがたいことですね。 [...]

    Pingback from WordPress2.8.3に脆弱性、リモートユーザーでもパスワードリセット – 3ET on August 25, 2009

  300. [...] WordPress 2.8.4: Security Release [...]

    Pingback from 晓闻心雨 » WordPress 2.8.4 发布 on August 25, 2009

  301. [...] “Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account)” Read Full Release [...]

    Pingback from Web Design Blog » WordPress Blog 2.8.4 Released - Designbit - Blog Design, Web Design, WordPress and Shopify Blog on August 26, 2009

  302. [...] servers. Firstly, wordpress itself has recently suffered from a particularly embarrassing remote exploit which allows an attacker to reset the admin password, and secondly, as I discussed at z05 below, [...]

    Pingback from trivia » Blog Archive » wordpress woes on August 26, 2009

  303. [...] Dies ist ein Test für die Verlinkung des wordpress-blogs. [...]

    Pingback from Testlink « hannes-sander.net on August 27, 2009

  304. [...] Source WordPress Development Blog WordPress [...]

    Pingback from WordPress 2.8.4: Security Release @ blog.if-else.fr on August 27, 2009

  305. WordPress 2.8.4…

    Lagi security release dari Automattic dengan WordPress 2.8.4. Beberapa isu keselamatan telah diperbaiki.
    Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to ver…

    Trackback from Od3n (dot) Net on August 28, 2009

  306. [...] vulnerability that could allow unauthorized users to request a password reset. See full detail WordPress 2.8.4 Release Share with [...]

    Pingback from WordPress releases security update | Hosted Business Blog Sites in Denver on August 28, 2009

  307. [...] WordPress 2.8.4: Security Release [...]

    Pingback from UUWordPress Tech » WordPress 2.8.4: Security Release on August 28, 2009

  308. [...] und verabschieden uns von unserem alten WP 2.5 System. Eigentlich wollten wir auf das neueste WordPress umsteigen (2.8.4), aber es gab zu viele [...]

    Pingback from HipHopHolic: Neues Design | Außerdem, Webdesign bedanken, greenITs, Kraisser, Andreas, Schritte | HipHopHolic on August 29, 2009

  309. [...] nueva actualización de emergencia para WordPress debido a una vulnerabilidad presentada en las versiones 2.8.x, la 2.8.4 corrige este problema y ya está disponible para su [...]

    Pingback from WordPress 2.8 en Español by xdatos on August 30, 2009

  310. [...] WordPress 2.8.4: Security Release 12 Agustus 2009 Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password [...] [...]

    Pingback from analog » Blog Archive » # WordPress 2.8.4: Security Release 12 Agustus 2009 Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested on August 31, 2009

  311. [...] WordPress 2.8.4: Security Release 12 Agustus 2009 Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password [...] [...]

    Pingback from merdeka » Blog Archive » QuickPress Judul Add media: Add an ImageAdd VideoAdd AudioAdd Media Content Tag Recent Drafts There are no drafts at the moment Blog Pengembangan WordPress Konfigurasikan * WordPress 2.8.4: Security Release 12 Agustus on August 31, 2009

  312. [...] from HERE AKPC_IDS += "465,";Popularity: unranked [?]SHARETHIS.addEntry({ title: "WordPress 2.8.4: Security [...]

    Pingback from WordPress 2.8.4: Security Release | Knowledge Is King! on September 1, 2009

  313. [...] WordPress 2.8.4 was released on August 12th, 2009 as is a security release. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. [...]

    Pingback from WordPress 2.8.4 Upgrades | Upgrade Guru on September 2, 2009

  314. [...] response to reports of a possible security exploitation released by WordPress, the ICLB team are pleased to announce we have succesfuly updated to the [...]

    Pingback from ICLB Blog Statement at The International Criminal Law Bureau : Blog on September 2, 2009

  315. [...] few weeks back, when WordPress 2.8.4 was released, I tried my luck and upgraded to the latest version, yet again. At the same time I was [...]

    Pingback from WordPress 2.8.4 Solver Trackback and Pingback Issues - The Digital Awakening on September 3, 2009

  316. [...] post: WordPress 2.8.4: Security Release Share and [...]

    Pingback from WordPress 2.8.4: Security Release « POLLOGU on September 3, 2009

  317. [...] WordPress has released a security release 2.8.4 to fix a security issue where in admin password could be reset and sent to the admin email account. As mentioned on security blog, it’s n0t serious as password will be still mailed to you. Read more about it here [...]

    Pingback from WordPress 2.8.4 – Security Patch Released on September 4, 2009

  318. [...] of a previous attack. Help! My Blog Posts Now Have Weird Code on the URL From WordPress.org WordPress 2.8.4: Security Release Posted August 12, 2009 by Matt. Filed under Releases, Security. Yesterday a vulnerability was [...]

    Pingback from Upgrade WordPress to 2.8.4 - Security Threat on September 5, 2009

  319. [...] Mój własny, osobisty dysk twardy (czytaj mózg) się zawiesił – papaka zamiast mózgu, znowu. wordpress.org [...]

    Pingback from Tomasz Curlej || BLOG » Blog Archive » WordPress zhakowany, komp szaleje – co jeszcze? on September 5, 2009

  320. [...] up my site and update my WordPress version due to a WP hack that’s been spreading around. Thanks Gem for the heads [...]

    Pingback from Back from Leyte | Calvin's Hub on September 5, 2009

  321. [...] PS2:如果你在使用WP,特别是企业网站,还没有升级至最新版本2.8.4的话,强烈建议你赶快升级,因为较旧版本的WP有些漏洞,而且最近国外某知名技术博客被入侵,随后Mashable发布一个升级警告,简述了不升级的严重后果。事实上,WP官方博客在发布2.8.4的时候,就提醒该漏洞并严重推荐升级到最新版了。 [...]

    Pingback from 20个最漂亮的基于WordPress的企业网站设计| ShowCase| 前端观察 on September 5, 2009

  322. [...] Par exemple, WordPress a publié une mise à jour de leur plateforme la semaine passée. La version 2.8.4 règle une vulnérabilité où un pirate pourrait avoir accès à l’interface d’administration d’un [...]

    Pingback from Dakiri Blog » Blog Archive » WordPress – Les plugins et la sécurisation on September 5, 2009

  323. [...] er egentlig litt forundret over hvis noen i dette landet ikke har oppgradert til WP 2.8.4 som kom 11. august, fordi det tar maks to minutter å oppgradere [...]

    Pingback from Det tar to minutter å oppgradere WordPress | zhayena.net on September 5, 2009

  324. [...] upgraded this blog to WordPress 2.8.4 this morning to avoid falling victim to a new exploit that has apparently already compromised a fair number of WordPress-based blogs. Yesterday a [...]

    Pingback from moebius recursive » WordPress Exploit Avoided on September 5, 2009

  325. [...] upgraded this blog to WordPress 2.8.4 this morning to avoid falling victim to a new exploit that has apparently already compromised a fair number of WordPress-based blogs. Yesterday a [...]

    Pingback from moebius recursive » WordPress Exploit Avoided on September 5, 2009

  326. [...] 11th! So of course the day before I’m planning on posting my new studio mix I see news of a WordPress security hole. Nerdk0r3 is also hosted on a large and cheap web host which is often the target of attacks itself. [...]

    Pingback from Not Hacked! - nerdk0r3.com on September 5, 2009

  327. [...] WordPress 2.8.4 was released on August 12th, 2009 as is a security release. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. [...]

    Pingback from WordPress 2.8.4 | WordSprung, A Service of Watershed Studio on September 6, 2009

  328. [...] in August 11 , 2009 a worm was found that use vulnerabilities to access the log-in for self-hosted wordpress blogs. Meaning if [...]

    Pingback from *ALERT* WordPress Worm on the loose be on alert on September 6, 2009

  329. [...] UPDATE2: I am still lurking around the Net and reading up on this. Seems that latest vulnerability could also allow someone to reset Admin password of the “default” initial WordPress account. So, I also took the precaution of resetting that password to something new ASAP. Read up more here. [...]

    Pingback from adir1 » Blog Archive » WordPress Security Breach – First Response Steps on September 6, 2009

  330. [...] you are running a WordPress blog, now would be a good time to upgrade to version 2.8.4. There is a nasty worm that’s going around attacking all older versions of WordPress. Ominous [...]

    Pingback from We’re Back on September 6, 2009

  331. [...] knew about the vulnerability and released a system update last month to protect users. However, Robert – who prides himself on being the guy who is [...]

    Pingback from WordPress Users: Eat your vegetables! — KevinDonahue.com on September 6, 2009

  332. [...] you are running a WordPress blog, now would be a good time to upgrade to version 2.8.4. There is a nasty worm that’s going around attacking all older versions of WordPress. Ominous [...]

    Pingback from iWyre on September 6, 2009

  333. [...] Jeśli masz obawy związane z tym, że coś Ci się rozsypie po aktualizacji wordpressa, zrób najpierw aktualizację wszystkich pluginów i zaktualizuj wersję używanego szablonu. Po tym wszystkim możesz już spokojnie ściągnąć ostatnią wersję wordpressa zrobić aktualizację.    [...]

    Pingback from WordPress zaatakowany - zaktualizuj teraz jeśli używasz wersji wp poniżej 2.8.4 | Najlepszy Blog on September 6, 2009

  334. [...] blogs using outdated versions might be at risk as a new worm has been discovered on August 11. Matt Mullenweg, a founding developer of WordPress, descrices: “it registers a user, uses a [...]

    Pingback from Older Versions of WordPress Blogs at Risk on September 6, 2009

  335. [...] Report from WordPress on Attack: How to Keep WordPress Secure. Information on the most recent update of WordPress that prevented this attack on updated WordPress sites: WordPress 2.8.4: Security Release. [...]

    Pingback from Self-hosted WordPress users need to upgrade to newest version immediately « So You Want To Be A Waiter on September 6, 2009

  336. [...] WordPress 2.8.4: Security Release [...]

    Pingback from David Trumbell » WordPress Security Threat on September 6, 2009

  337. [...] Well, it looks like anything with less than a 2.8.4 version of WordPress got itself busted up if it was a searched target. That’s not overly huge news. The latest version that has been out for a while (August 12, 2009 according to the WP blog over here. [...]

    Pingback from WordPress hole – number of big blogs hit @ Path of the Digital Katana on September 6, 2009

  338. [...] WordPress team has discovered and released a new version 2.8.4 to fix a very serious vulnerability that allows hackers to reset passwords.   For those of you [...]

    Pingback from WordPress 2.8.4 Vulnerability Patch | the arkayne blog on September 6, 2009

  339. [...] Yesterday I got this rather frightening warning to upgrade asap to the next version (2.8.4) of WordPress (that’s the system upon which this blog is built, for you laymen) because hackers are getting [...]

    Pingback from WordPress, I Take Back What I Said… | Your Unemployed Daughter on September 6, 2009

  340. [...] vulnerability allowing the attack was discovered August 11, at which point WordPress encouraged users to upgrade to version 2.8.4. However, many people have [...]

    Pingback from WordPress falling prey to worm | Technology News on September 6, 2009

  341. [...] vulnerability allowing the attack was discovered August 11, at which point WordPress encouraged users to upgrade to version 2.8.4. However, many people have [...]

    Pingback from seacliff partners international, LLC » Blog Archive » WordPress On This Blog Is Up To Date on September 6, 2009

  342. [...] This your friendly neighborhood administrator letting you know that the site has been upgraded to WordPress 2.8.4 per this advisory. [...]

    Pingback from Bluegrass Mama » Upgraded on September 6, 2009

  343. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from WordPress Security Exploits – This site was hacked | Eric Shefferman (DOT) Com on September 7, 2009

  344. [...] PS2:如果你在使用WP,特别是企业网站,还没有升级至最新版本2.8.4的话,强烈建议你赶快升级,因为较旧版本的WP有些漏洞,而且最近国外某知名技术博客被入侵,随后Mashable发布一个升级警告,简述了不升级的严重后果。事实上,WP官方博客在发布2.8.4的时候,就提醒该漏洞并严重推荐升级到最新版了。 [...]

    Pingback from Air Note | 多一份支持,多一分力量 » Blog Archive » 你能看出这20个漂亮的网站是用WP做的吗? on September 7, 2009

  345. [...] пароль в удалённом режиме. Сразу же вышел WordPress 2.8.4, устраняющий эту уязвимость. Как оказалось, [...]

    Pingback from Эпидемия «умного червя» под WordPress | 77even on September 7, 2009

  346. [...] администраторский пароль в удалённом режиме. Сразу же вышел WordPress 2.8.4, устраняющий эту уязвимость. Как оказалось, [...]

    Pingback from Эпидемия «умного червя» под WordPress | WordPresser.ru on September 7, 2009

  347. [...] Bagi seorang blogger yang mneggunakan CMS WordPress sebagai platform untuk membuat blog , apa kata anda updgrade / naik taraf versi WordPress kepada versi WordPress 2.8.4. [...]

    Pingback from Upgrade WordPress dan Cuba Opera 10 | Artikel | Info | Panduan Percuma Komputer dan Internet on September 7, 2009

  348. [...] Also bitte, aktualisiert eure WordPress-Version auf 2.8.4. [...]

    Pingback from WordPress: Wurm verteilt Spam und Malware | Tegget.de | Die Blog-Gemeinschaft on September 7, 2009

  349. [...] WordPress pre 2.8.3 and below attacked by worm – Admin IP watcher [...]

    Pingback from #20: The Late Show | Social Media White Noise on September 7, 2009

  350. [...] администраторский пароль в удалённом режиме. Сразу же вышел WordPress 2.8.4, устраняющий эту уязвимость. Как оказалось, [...]

    Pingback from Срочно! Уязвимость wordpress 2.8.3 | Заработок в сети интернет on September 7, 2009

  351. [...] vulnerability allowing the attack was discovered August 11, at which point WordPress encouraged users to upgrade to version 2.8.4. However, many people have [...]

    Pingback from Bedrettin Belek » Blog Archive » WordPress blogs falling prey to worm on September 7, 2009

  352. [...] was a security vulnerability that was discovered August 10, 2009 for WordPress versions 2.8.3 and older and the patch for it was [...]

    Pingback from WordPress is under attack! | HaggardHosting on September 7, 2009

  353. [...] (zdementowane, ale kto ich tam wie). Kilka dni temu wyciek haseł z Wykopu, a jeszcze wcześniej poważna luka w najpopularniejszym oprogramowaniu, na którym stoi większość blogów w Polsce pozwalająca resetować hasło [...]

    Pingback from Allegrowy iStore sypie hasłami? | Aukcjoteka on September 7, 2009

  354. [...] ِ ۲٫۸٫۴ را منتشر کردند، یعنی در تاریخ ۱۲ اوت ۲۰۰۹(اینجا). اما مولنوگ در مطلب جدیدش یعنی مطلبی که در تاریخ ۵ [...]

    Pingback from رضا در دنیای زیبای وب » Blog Archive » چطور وردپرس مان را امن نگه داریم؟ on September 7, 2009

  355. [...] Zeit. So gab es ab der Version 2.80 immer wieder das eine oder andere Sicherheitsproblem. Mit dem Version 2.84 sind jetzt die Tore wieder [...]

    Pingback from Info zu WordPress- WordPress Sicherheit | Blog News on September 8, 2009

  356. [...] Report from WordPress on Attack: How to Keep WordPress Secure. Information on the most recent update of WordPress that prevented this attack on updated WordPress sites: WordPress 2.8.4: Security Release. [...]

    Pingback from Old WordPress Versions Under Attack « Lorelle on WordPress on September 8, 2009

  357. [...] News is going-around about a rather sneaky WordPress worm. After registering for the blog, it uses an escalation of privileges vulnerability in versions of WP older than 2.8.3 to get admin powers, lie dormant, and eventually do…something. Post spam? Malware links? The sky is the limit, really. (WordPress announcement here, information about the latest security update, 2.8.4, here). [...]

    Pingback from Unpatched WordPress Users Hit by Worm « Of Bytes and Badges on September 8, 2009

  358. [...] may change URLs or abuse other parts of your site. Please see the following links for reference: WordPress 2.8.4 Security Release Mashable – WordPress Attack Underway Lorelle on [...]

    Pingback from Make Hay Ethical E-Media » Blog Archive » Important: WordPress Security Exploit on September 8, 2009

  359. [...] For more information about WordPress 2.8.4. [...]

    Pingback from WordPress 2.8.4 upgrade scheduled « FWWDS Blog on September 8, 2009

  360. [...] a password reset or something…. After confirming with the wordpress blog, I upgraded to v2.8.4. Looking back, i wonder if this was a controlled social experiment by word press to take advantage [...]

    Pingback from How Twitter saved my WordPress… probably. - world threat on September 8, 2009

  361. [...] et bien comme cet article, celui-ci, ainsi que ce dernier m’ont fait un peu peur, je me suis souvenu que ce truc était sous WordPress dans une version [...]

    Pingback from Mise à jour… @ Sean_Long on September 8, 2009

  362. [...] notificación en el riesgo de la plataforma fue reportada desde mediados de agosto en el blog de la firma por Matt Mullenweg, uno de los fundadores de WordPress, quien informó que una vulnerabilidad en uno  los URL de la [...]

    Pingback from En peligro WordPress por gusano | Netmedia.info on September 8, 2009

  363. [...] notificación en el riesgo de la plataforma fue reportada desde mediados de agosto en el blog de la firma por Matt Mullenweg, uno de los fundadores de WordPress, quien informó que una vulnerabilidad en uno  los URL de la [...]

    Pingback from En peligro WordPress por gusano | bSecure on September 8, 2009

  364. [...] Blog fährt jetzt mit WordPress 2.8.4 und damit ein bisschen schneller und sicherer geworden. In der Zwischenzeit zeigt mein [...]

    Pingback from WordPress 2.8.4, erste Fotos aus der Provence « Jörg zeigt Euch seine Welt on September 9, 2009

  365. [...] allowing the attack was discovered August 11 and was immediately fixed by the WordPress team in the 2.8.4 security release. If you are using version 2.8.4 or better of WordPress, or host your blog on WordPress.com, you are [...]

    Pingback from Defensio, the blog » Blog Archive » WordPress users, are you safe? on September 9, 2009

  366. [...] WordPress is updated to 2.8.4. Stay away evil worm. [...]

    Pingback from SkaroffBlog » Updated on September 10, 2009

  367. [...] thinking about upgrading but haven’t gotten around to it yet, now would be a really good time. WordPress 2.8.4 has been released to fix huge a security hole. If you are NOT running WordPress 2.8.4 then your site is vulnerable! [...]

    Pingback from WordPress Security Release: WordPress 2.8.4 - MAD TOMATO on September 10, 2009

  368. [...] Soeben wurde WordPress 2.8.4 veröffentlicht. Diese Version ist ein Sicherheitsrelease und behebt die gestern bekannt gewordene Lücke.Wir raten allen Benutzern dringend auf die neue Version zu aktualisieren. Im Laufe des Tages werden wir das Upgradepaket und die DE-Edition zur Verfügung stellen. Die offizielle englischsprachige Version 2.8.4 kann im Downloadbereich runtergeladen werden.Vor einem Upgrade sollte immer ein vollständiges Backup aller Dateien und der Datenbank angelegt werden!(via) [...]

    Pingback from «Profan... den Rest kannst du dir sparen.» :: Schon wieder eine Eilmeldung: WordPress 2.8.4 UPDATE on September 10, 2009

  369. [...] that lead to this worm attacking older versions of WordPress was fixed in WordPress 2.8.4 which was released on August 12th. When it comes to a security release of WordPress, I take it seriously and don’t mess around [...]

    Pingback from Are You Responsible Enough To Run WordPress? « Weblog Tools Collection on September 12, 2009

  370. [...] http://wordpress.org/development/2009/08/2-8-4-security-release/ [...]

    Pingback from WordPress bajo ataque Hacker | Testeo y Calidad de Software on September 14, 2009

  371. [...] открих че някоя добра хакерска душа беше влязла през дупка в wordpress преди милите хора от хостинга ми да се наканят да [...]

    Pingback from Бяха ми хакнали блога « Блога на Жоро on September 20, 2009

  372. [...] WordPress 2.8.4: Security Release Posted August 12, 2009 by Matt. Filed under Releases, Security. [...]

    Pingback from Naik taraf (Update) WordPress ke 2.8.4- damiaworks on September 21, 2009

  373. [...] blogs están corriendo con wordpress 2.7. La versión más reciente es 2.8.4, y fija algunos problemas que ya son preocupantes. En cuanto consiga tiempo voy a actualizar mi blog y, si veo que el proceso es automatizable, [...]

    Pingback from Actualizar nuestros wordpress. - El blog del TIC on September 21, 2009

  374. [...] Thursday, September 24, 2009 at 12:12 am Seit etwa einer Woche ist der Digitale Heimwerker live. Heute habe ich zum ersten Mal die Logfiles inspiziert. Nein, nicht die Web-Logfiles um zu sehen wie viele Leser ich hier habe (die sind erwartungsgemäß niedrig), sondern die sicherheitsrelevanten Server-Logfiles des virtuellen Servers, auf dem das Blog läuft. Das WordPress-Blog hatte da ein paar unschöne Berichte, z.B. “How to Keep WordPress Secure” oder “WordPress 2.8.4: Security Release“. [...]

    Pingback from Digitaler Heimwerker » Server-Sicherheit – ein erster Eindruck on September 23, 2009

  375. [...] WordPress.org: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would [...]

    Pingback from WordPress Worm | Bleeding Edge Blogspot on September 24, 2009

  376. [...] Jika pengen yang bypass, upgrade aja ke WordPress 2.8.4. [...]

    Pingback from Cara merubah Permalink WordPress | benehal on September 29, 2009

  377. [...] you don’t know by now, WordPress 2.8.4 has hit the public and it addresses a mild but hugely annoying issue. There was no advanced warning regarding the [...]

    Pingback from Rahul Sonar on September 30, 2009

  378. [...] WordPress 2.8.4: Security Release Posted August 12, 2009 by Matt. Filed under Releases, Security. [...]

    Pingback from WordPress 2.8.4: Security Release | umojahosting on October 1, 2009

  379. [...] an admin password reset exploit was found at the old versions which I mentioned when I upgraded to WordPress 2.8.4 Security Release. You can read about it at this blog entry, Upgraded to WordPress 2.8.4, Reset Password [...]

    Pingback from BLOG » Upgrade and Keep your WordPress Secure » Sofie Estolloso Hofmann Designs International - Weggis, Switzerland on October 1, 2009

  380. [...] first job has been to address the vulnerabilities found in WordPress and upgrade to the latest version. It seemed to go very well and everything [...]

    Pingback from Webgazette.co.uk » Blog Archive » Hello World on October 5, 2009

  381. [...] neupdatovali svoj WordPress blog,je najvyšší čas tak spraviť. V auguste upozornil samotný WordPress na bezpečnostnú chybu, ktorá bola už v tom čase pomaly zneužívaná na samodistribúciu [...]

    Pingback from blogujem.nebezpecne.info » WordPress červík chrumkavý on October 6, 2009

  382. [...] Update auf WordPress 2.8.4 ist abgeschlossen. Jetzt dürfte es auch wieder möglich sein, sich zu registrieren. Oktober 11, [...]

    Pingback from Update abgeschlossen : Burks' Blog on October 11, 2009

  383. [...] You see, we were too busy to update our WordPress sites when WordPress 2.8.4 came out – which happened to include major security fixes. Lesson [...]

    Pingback from WordPress Maintenance Guide - How To Take Care Of WordPress | Web Strategy Workshop on October 13, 2009

  384. [...] 发现Wordpress2.8.3重置密码漏洞,并已将这一漏洞修复。Wordpress已更新为WordPress 2.8.4: Security Release。 [...]

    Pingback from WordPress2.8.3重置密码漏洞更新 | 醒悟人生 on October 13, 2009

  385. WordPress 2.8.4: Security Release – Better Update…

    WordPress has updated and released the “Security Release” version 2.8.4. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress. ……

    Trackback from New York Web Design on October 13, 2009

  386. [...] Zdroj: WordPress 2.8.4: Security Release [...]

    Pingback from WordPress | Slovensko » WordPress 2.8.4: Bezpečnostná oprava on October 14, 2009

  387. [...] noite de 12 de Agosto deste ano, Matt Mullenweg (criador do WordPress) fez um post explicando que uma vulnerabilidade havia sido encontrada, mesmo com pouco tempo depois de terem [...]

    Pingback from Blogueiros, atualizem seu WordPress! | Via Hospedagem on October 15, 2009

  388. [...] wordpress dibawah versi 2.8.4 punya celah keamanan yang serius. untuk keterangannya bs di baca di sini dan d [...]

    Pingback from Health For All » Blog Archive » Upgrade WordPress 2.8.4 on October 16, 2009

  389. [...] bloggar utsätts för olika former av attacker blev vi varse om när säkerhetsuppdateringen (WordPress 2.8.4: Security Release ) till WordPress släpptes tidigare i år. Med WP Security Scan finns det ytterligare en möjlighet [...]

    Pingback from 15 WordPress plugin för att ha full kontroll över sin blogg! | wpxl on October 18, 2009

  390. [...] Security threat, here. [...]

    Pingback from Problem with WordPress 2.8.4 Upgrade on October 19, 2009

  391. [...] hearing and working on with the security loops and hacks with version below 2.8.3. So, they release WordPress version 2.8.4 as the Security Release on August 12, 2009. Which solved most of the security issues and I did a research and write an [...]

    Pingback from WordPress 2.8.5: Hardening Release | Sakin Blog on October 21, 2009

  392. [...] WordPress Development, wo es auch eine Übersicht der Neuerungen einzusehen gibt. * A fix for the Trackback [...]

    Pingback from WordPress 2.8.5 Hardening released on October 21, 2009

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.

Categories

%d bloggers like this: