Fix your WordPress 2.8.3 NOW!

It appears that an input validation vulnerability is present in wp-login.php, used by WordPress 2.8.x to validate logins and reset passwords. An attacker can bypass the emailed password change link validation by submitting a crafted input to the password reset function in wp-login.php, as described here. The fix is at the bottom of the article and involves changing one line of wp-login.php.

I say all this as I just had my password reset through an anonymous proxy, so it appears there is an automated attack taking place – fix your WordPress today, I just fixed mine!
