Title: gumbo's Replies | WordPress.org

---

# gumbo

  [  ](https://wordpress.org/support/users/gumbo/)

 *   [Profile](https://wordpress.org/support/users/gumbo/)
 *   [Topics Started](https://wordpress.org/support/users/gumbo/topics/)
 *   [Replies Created](https://wordpress.org/support/users/gumbo/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/gumbo/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/gumbo/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/gumbo/engagements/)
 *   [Favorites](https://wordpress.org/support/users/gumbo/favorites/)

 Search replies:

## Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [0-day Password Reset Vulnerability?](https://wordpress.org/support/topic/0-day-password-reset-vulnerability/)
 *  Thread Starter [gumbo](https://wordpress.org/support/users/gumbo/)
 * (@gumbo)
 * [16 years, 3 months ago](https://wordpress.org/support/topic/0-day-password-reset-vulnerability/#post-1379278)
 * Hacked as in defaced. On most sites the attacker replaced the index.php for the
   active theme with their own page. On one site they changed to the default theme
   first and then defaced it.
 * [@rvoodoo](https://wordpress.org/support/users/rvoodoo/): the thing is, this 
   was on the order of 10 sites with various owners hacked on the same night in 
   the same way (at least, for the ones I host that I could check logs for), so 
   I’d guess there was no previous hack on all of them.
 * Just curious if other people are seeing anything similar on 2.9.1 or know of 
   a 0-day. I’m pretty sure my host was compromised and the attacker is able to 
   get the outgoing e-mails for the password resets, but wanted to check around.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [0-day Password Reset Vulnerability?](https://wordpress.org/support/topic/0-day-password-reset-vulnerability/)
 *  Thread Starter [gumbo](https://wordpress.org/support/users/gumbo/)
 * (@gumbo)
 * [16 years, 3 months ago](https://wordpress.org/support/topic/0-day-password-reset-vulnerability/#post-1379262)
 * Oops, sorry, 2.9.1. One or two had some plugins that should have been updated,
   but others were up-to-date on plugins.

Viewing 2 replies - 1 through 2 (of 2 total)