The other day a susceptability was uncovered: a particularly crafted LINK might be asked for that would certainly permit an enemy to bypass a safety and security check to validate a customer asked for a password reset. Therefore, the initial account without a type in the data source (typically the admin account) would certainly have its password reset and also a brand-new password would certainly be emailed to the account proprietor. This does not permit remote gain access to, however it is extremely aggravating.
We repaired this trouble last evening and also have actually been examining the solutions and also trying to find various other issues ever since. Version 2.8.4 which fixes all known problems is now available for download and also is extremely suggested for all individuals of WordPress.