The other day a susceptability was uncovered: a specifically crafted LINK can be asked for that would certainly permit an assaulter to bypass a protection check to confirm an individual asked for a password reset. Consequently, the initial account without a type in the data source (typically the admin account) would certainly have its password reset and also a brand-new password would certainly be emailed to the account proprietor. This does not permit remote accessibility, however it is extremely frustrating.
We repaired this issue last evening and also have actually been evaluating the repairs and also seeking various other issues ever since. Version 2.8.4 which fixes all known problems is now available for download and also is extremely suggested for all customers of WordPress.