Aug 11

For Security Reason, WordPress 2.8.4 Release

Security No Comments »

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password…

For details, please visit WordPress 2.8.4: Security Release

Tagged with:
Aug 11

WordPress 2.8.3 has Security Exploit

Security 1 Comment »
Message:  Reject activation keys that are arrays.

http://core.trac.wordpress.org/changeset/11798

open wp-login.php

on line 190, change from

 if ( empty( $key ) )

to 

if ( empty( $key ) || is_array( $key ) )

Please update your WordPress now

WordPrss 2.8.3发现Admin账户密码重置漏洞,请及时修复

Tagged with:
preload preload preload