The other day a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check that verifies a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This does not allow remote access, but it is very annoying.
We fixed this problem last evening and have been testing the fixes and looking for other problems ever since. Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.
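
The class of bug described above, as an added example in Python that is not WordPress code: a reset-key lookup in which a key that ends up empty matches the first account with no stored key, next to a hardened version. The table schema, function names, `MIN_KEY_LEN`, and the order-of-checks flaw in `lookup_weak` are assumptions made for illustration; the announcement does not describe the actual bypass mechanism.

```python
import hmac
import sqlite3

MIN_KEY_LEN = 8  # assumed minimum length for a valid reset key


def make_db():
    """Constructed sample data: admin and bob have no pending reset key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT,"
               " reset_key TEXT NOT NULL DEFAULT '')")
    db.executemany("INSERT INTO users (login, reset_key) VALUES (?, ?)",
                   [("admin", ""), ("alice", "k3yForAlice0001"), ("bob", "")])
    return db


def normalize(raw):
    """Keep ASCII letters and digits only."""
    return "".join(c for c in str(raw) if c.isascii() and c.isalnum())


def lookup_weak(db, raw_key):
    """Flawed: emptiness is tested on the raw value, the query uses the
    normalized one, so a key that normalizes to '' matches key-less rows."""
    if not raw_key:
        return None
    row = db.execute("SELECT login FROM users WHERE reset_key = ?"
                     " ORDER BY id LIMIT 1", (normalize(raw_key),)).fetchone()
    return row[0] if row else None


def lookup_hardened(db, raw_key):
    """Validate after normalizing, and never consider rows without a key."""
    if not isinstance(raw_key, str):
        return None
    key = normalize(raw_key)
    if len(key) < MIN_KEY_LEN:
        return None
    rows = db.execute("SELECT login, reset_key FROM users WHERE reset_key != ''")
    for login, stored in rows:
        if hmac.compare_digest(stored, key):  # constant-time comparison
            return login
    return None


if __name__ == "__main__":
    db = make_db()
    for candidate in ("k3yForAlice0001", "!!!", ""):
        print(repr(candidate), lookup_weak(db, candidate), lookup_hardened(db, candidate))
```

The hardened lookup rejects the request in two independent places: the key is validated after normalization, and rows with no stored key are excluded from the query, so either check alone would prevent the match.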