The other day a susceptability was uncovered: a particularly crafted link might be asked for that would certainly permit an assailant to bypass a protection check to confirm an individual asked for a password reset. Because of this, the initial account without a type in the data source (normally the admin account) would certainly have its password reset as well as a brand-new password would certainly be emailed to the account proprietor. This does not permit remote gain access to, yet it is really aggravating.
We repaired this issue last evening as well as have actually been checking the solutions as well as searching for various other issues ever since. Version 2.8.4 which fixes all known problems is now available for download as well as is extremely advised for all customers of WordPress.