
WordPress Vulnerability Found & Fixed

For all you WordPress blog users out there, you may have heard about or even experienced (hopefully not) a vulnerability in WordPress version 2.8.3.  If you haven’t heard, then read on.

It was discovered earlier this week that it was possible for hackers to bypass the security check needed to verify the account owner when doing a password reset. So basically, anyone was able to reset the password on the WordPress admin login. They didn’t actually gain access to the admin panel or get the password. All this did was reset the password and have it resent to the admin email on the account, just as if the owner of the blog had requested it themselves.

While this is not a damaging or catastrophic problem, it can be very annoying to have to change the password back every time this vulnerability is taken advantage of. WordPress has already addressed the problem and has issued another update (version 2.8.4) which patches this hole. The patch can be downloaded from WordPress’ website or automatically installed from within your WordPress blog. As always, WordPress recommends installing the latest version of their blog software to ensure a secure and stable site.

For more information about this vulnerability, be sure to go to WordPress.org.