WordPress team today released WordPress 2.8.4 which is surly a security release to fix the problem of password reset where admin password could be reset without proper verification. Sensing the scale of risk a quick update has been released. The under said was quoted on official WordPress website.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
Administrators are advised to update the blog as soon as possible to fix this security hole. The update can be done automatically from Admin Dashboard or can be done manually by download the release.
File Size :- 2.2 MB
Version :- 2.8.4
License :- Open Source
Homepage :- http://www.wordpress.org