Lately, for some reason, the popular open-source blogging platform WordPress (which runs this blog) has been experiencing sudden security updates (2.8.3 fixed what 2.8.2 was supposed to fix), and today (or yesterday, because I don’t know exactly when it was released) 2.8.4 came out to fix another issue.
Basically, going to a specially crafted URL allows a malicious user to reset the password of any user who does not have a key in the database. Since this doesn’t result in the malicious user having admin access, some say it is just an annoyance and not a security risk, but I think that anything that allows someone to cause trouble with your site is a security risk.
Thanks to wptavern.com for the info regarding this.