Schulz Consulting

Sage 100cloud Consulting

WordPress password reset flaw patched in 2.8.4

by

wordpress.jpg

Yesterday my friend Robert Wood reset the administrative password on my site. Rather than be upset – I’m delighted. Robert was notifying me of a flaw in the WordPress software that allowed anyone to reset the administrative password of a blog.

While this did not provide access to the administrative account (the password reset was only sent out via email to the registered account holder) – it did expose a weakness. If someone also had access to the email account affiliated with the administrator they could potentially hijack this password reset and gain access to your WordPress site.

Version 2.8.4 of WordPress is available and I recommend you upgrade immediately.

WordPress via Robert Wood- DDF Consulting – Florida MAS 90 Consultant

Contact Us

Schulz Consulting
Connecticut Office
Phone: 860.657-8544
Email Us
Locally serving all of Connecticut, Massachusetts, Rhode Island, Vermont,
New York, New Jersey. Available remotely nationwide.
We are a local branch of DSD Business Systems Connecticut.