Tag: WordPress
New WordPress 2.8.4 Security Update
The developers at WordPress just discovered a specific vulnerability in the code. They describe the issue as follows: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user asked for a password reset. As a result of this problem, the first account without…
WordPress 2.8.3 Security Upgrade
WordPress developers missed some places when fixing the privilege escalation issues for WordPress 2.8.1. Luckily, they got excellent feedback from the WordPress community and were able to fix this small issues. Many followers in the community dug deeper and discovered some areas that were overlooked. With their help, the remaining issues are now fixed in WordPress 2.8.3.…
The importance of using Changelogs
New WordPress 2.8.2 Released
This new version of WordPress fixes a cross-site scripting (XSS) vulnerability. The comment author URLs were not fully sanitized when displayed in the admin area. This vulnerability could be exploited to redirect you away from the admin to another site. You can upgrade WordPress automatically and in a few seconds. Just…
WordPress 2.8.1 Released
Great news! WordPress 2.8.1 was finally released! This version fixes many bugs and improves security for the plugin administration pages. Core Security Technologies notified the WordPress team that admin pages added by some plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, however they advise upgrading…
Beta 2 of WordPress 2.8.1 Released
WordPress 2.8.1 Beta 2 is available for testing. You can download this new beta release and check out the changes since Beta 1. We recommend that all plugin developers test their plugins on beta 2 and let us know of any issues. Notable fixes in WordPress 2.8.1 beta 2 are: _Translation of role names has been fixed _Upload…
New WordPress 2.8.4 Security Update
The developers at WordPress just discovered a specific vulnerability in the code. They describe the issue as follows: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user asked for a password reset. As a result of this problem, the first account without…
WordPress 2.8.3 Security Upgrade
WordPress developers missed some places when fixing the privilege escalation issues for WordPress 2.8.1. Luckily, they got excellent feedback from the WordPress community and were able to fix this small issues. Many followers in the community dug deeper and discovered some areas that were overlooked. With their help, the remaining issues are now fixed in WordPress 2.8.3.…
The importance of using Changelogs
New WordPress 2.8.2 Released
This new version of WordPress fixes a cross-site scripting (XSS) vulnerability. The comment author URLs were not fully sanitized when displayed in the admin area. This vulnerability could be exploited to redirect you away from the admin to another site. You can upgrade WordPress automatically and in a few seconds. Just…
WordPress 2.8.1 Released
Great news! WordPress 2.8.1 was finally released! This version fixes many bugs and improves security for the plugin administration pages. Core Security Technologies notified the WordPress team that admin pages added by some plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, however they advise upgrading…
Beta 2 of WordPress 2.8.1 Released
WordPress 2.8.1 Beta 2 is available for testing. You can download this new beta release and check out the changes since Beta 1. We recommend that all plugin developers test their plugins on beta 2 and let us know of any issues. Notable fixes in WordPress 2.8.1 beta 2 are: _Translation of role names has been fixed _Upload…