If you have allowed open registration for your blog readers, you might want to consider upgrading to the latest version of WordPress – 2.6.2. This new release fixes some vulnerabilities that attackers could exploit.
Here is what the WordPress blog says about this exploit:
With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
Some other bug fixes include:
- Images that were always inserted into a post at full size
- RSS widget linking if there isn’t a link
- Inability to control where a user redirects to when they log in
- Include mysql version in version check query string
For more information, check out the release post.
If you are already using WordPress 2.6.1, you can save time by just downloading a zip archive of 12 files that you have to replace in order to upgrade to 2.6.2. Go here and scroll right down to the bottom of the page and click on “Zip Archives”.
12 replies on “WordPress 2.6.2 Released”
certainly like your website but you need to check the spelling on quite a few of your posts. Many of them are rife with spelling issues and I find it very bothersome to tell the truth nevertheless I’ll surely come back again.
WordPress – 2.6.2?
WordPress – 2.7
Nice theme
I downloaded the latest version from wordpress.org, but the readme has 2.6.1 as the version number and it won’t let me upgrade -_-
Yeah well, I noticed that and I was like “Oh no! Not again!”
Really, this is a pain in the butt for a wordpress newb like me to stay up with frequent updates. Oh well .. sigh.
Something in my wordpress seems to always break with another upgrade.. so I’m not updating this to this one quite yet on my main site.
hey there thanks for the update! anyway i’ve upgraded to wordpress 2.6.2 and this is a necessary upgrade if you allow open registrations. for those who don’t i guess you just wait for the upcoming versions. 🙂
thank jai, i always stay tune your blog…hik…hik..hik
Thanks for the headsup on WP 2.6.2! Now to upgrade my gadget blog! 🙂
Thanks man for the info. There’s always another angle to things like this. The question is should I upgrade? Jai here is just pointing out why you should consider doing it.
Thanks a lot for the information, but every wordpress user will know about this because it pops up on their admin section!