Fix your WordPress 2.8.3 NOW!

August 11, 2009 in Tech with 0 Comments

It appears than an input validation vulnerability is present in wp_login.php, used by WordPress 2.8.x to validate logins and reset passwords. An attacker can bypass the emailed password change link validation by submitting a crafted input to the password reset function in wp_login.php, as described here. The fix is at the bottom of the article, it involves changing one line of wp_login.php.

I say all this as I just had my password reset through an anonymous proxy, so it appears there is an automated attack taking place – fix your WordPress today, I just fixed mine!

Wow. It's Quiet Here...

Be the first to start the conversation!

Twitter: mikepuchol

RT @Jansana: Feliç aniversari a l'avi Pepet!! 86 anys!! Que gran es aquest home!! @teknik_tdr @AlexiaJansana http://t.co/RetaSzAW about 12 hours ago from Tweetbot for iPhone
RT @oriolpuigg: seguiu l'avenç de la nevada d'avui a través dels vigilants del SMC,el radar presenta una propagació anòmala i sembla q n ... about 12 hours ago from Tweetbot for iOS
RT @xpuig75: Ja neva. Les escoles ja estan tancades, tranquils. about 13 hours ago from Tweetbot for iOS
@meteocat @meteorac1 neva a nivell del Llobregat a Molins de Rei about 13 hours ago from Tweetbot for iPhone in reply to meteocat

Fix your WordPress 2.8.3 NOW!

Wow. It's Quiet Here...

Leave a Reply:

Search

BURN: Detroit Firefighter documentary

Twitter: mikepuchol

Photos on flickr

Slideshow