WordPress 2.8.4 – Update Now
The folks at Automattic released a security update for WordPress today due to a very specific bug: …a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. While this isn’t an incredibly nasty…