Another heads up for all WordPress users. The WordPress dev team just released another security update WordPress 2.8.4 to fix a vulnerability discovered yesterday.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
I strongly advice to upgrade your WordPress ASAP. Doing the upgrade will only take a few minutes of your time and in case you’re still new to WordPress and are not familiar with the process, the WordPress Codex has a dedicated page that contains a detailed process on how to upgrade WordPress.
