Hello Dear Friends,
A security hole was found in the Wordpress 2.8.3 version and all the previous versions. First of all, I’f you haven’t already updated to 2.8.4, you better do it NOW
The Problem
Basically in order to reset your Wordpress password, you click on “Forgot Your Password” and you add your details (if you know them). Someone found a way to immediately reset the password without even adding any of the key values.
The code used to do this is:
http://www.domainname.com/wp-login.php?action=rp&key[]=
You simply change the domainname.com with the one you want to reset and VOILA .. Check your email for confirmation
The Solution
There is already a solution provided officially by Wordpress so all you have to do is update to the latest version (2.8.4)
Conclusion
This doesn’t hurt you at all, its more something which annoys you (because you wont be able to login with your old password) and all you have to do is login with the new password provided and change it back to your old password or a new more secure password
Regards
Olgi
Category: News
