Developers of the widely used WordPress blogging software have released an update that fixes a vulnerability that let attackers reset the administrator password. The bug in version 2.8.3 is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. When the special URL is requested, the old password is removed and a new one is generated in its place with no confirmation required, according to this alert published on the Full-Disclosure mailing list.
New version: http://wordpress.org/development/2009/08/2-8-4-security-release/