Yet another upgrade has been announced to WordPress. Version 2.8.3 was released early last week, and today 2.8.4 has been announced. Look at the timeline.
09-Jul 2.8.1
20-Jul 2.8.2
03-Aug 2.8.3
12-Aug 2.8.4
Once again, it is termed a security release. According to Matt, if you are still using 2.8.3
a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
So, go download 2.8.4 or upgrade using your WordPress dashboard.
