Trend Micro Threat Resource Center

13 August 2009

WordPress Password Problem Crops Up

People who use version 2.8.3 of the WordPress blogging software may want to download an update posthaste. A vulnerability has been discovered that, while it won't let other folks take over accounts, will allow troublemakers to lock administrators out.

Laurent Gaffié gets credit for uncovering the problem, and according to a warning published on Full Disclosure, this hack isn't the domain of shadowy professionals and government agents. About all that's needed in order to pull it off is a Web browser and one specially crafted URL.

With that, it's possible to abuse the WordPress password reset function, resetting the administrator's password without the admin ever receiving any notice of the action.

You can imagine how problematic this would be if an administrator couldn't figure out what was going on. And even if an admin did catch on, a prankster could simply repeat the performance over and over, creating a real headache or even a permanent roadblock.

Luckily, version 2.8.4 of WordPress has been made available in response, and it addresses the issue. So download the update as soon as is convenient, for the sake of not getting locked out of your blog.