What vulnerability? Well, the person who disclosed the vulnerability, Stefan Esser, calls it the SQL Column Truncation Vulnerabilities. What is it? In plain English, it allows them bad people to sort of modify passwords of other existing users in the system.

Them bad people will still not be able to get into the system as other users, though. The new password is still unknown to them as it was randomly generated. However, it is still breakable with a little more effort since there is also a weakness in how the random password was generated.

What this does is basically annoy your users as they will then have to reset their passwords since it’s been changed by the bad people. Thus, if you don’t want your registered users and customers to be annoyed silly by these bad people who go around changing user passwords, I recommend that you upgrade your WordPress installation to 2.6.2

Do note that the SQL Column Truncation Vulnerability affects all application using MySQL as the backend database. Verify with your app vendor about this.

Evernote lets you save all the interesting things you see online into a single place. Access all those saved pages from your computer, phone or the web. Sign up now or learn more. It's free!