The other day a susceptability was found: a specifically crafted LINK might be asked for that would certainly enable an opponent to bypass a safety and security check to validate an individual asked for a password reset. Therefore, the initial account without a type in the data source (typically the admin account) would certainly have its password reset as well as a brand-new password would certainly be emailed to the account proprietor. This does not enable remote accessibility, however it is really irritating.
We repaired this trouble last evening as well as have actually been examining the repairs as well as trying to find various other issues ever since. Version 2.8.4 which fixes all known problems is now available for download as well as is extremely suggested for all individuals of WordPress.