The other day a susceptability was found: a particularly crafted link can be asked for that would certainly enable an enemy to bypass a safety check to validate an individual asked for a password reset. Therefore, the very first account without a type in the data source (normally the admin account) would certainly have its password reset and also a brand-new password would certainly be emailed to the account proprietor. This does not enable remote gain access to, yet it is extremely irritating.
We repaired this trouble last evening and also have actually been evaluating the repairs and also trying to find various other troubles ever since. Version 2.8.4 which fixes all known problems is now available for download and also is very suggested for all individuals of WordPress.