Yesterday a vulnerability was found: a specifically crafted URL might be requested that may permit an attacker to bypass a safety examine to confirm a person requested a password reset. Consequently, the primary account with no key within the database (normally the admin account) would have its password reset and a brand new password could be emailed to the account proprietor. This doesn’t permit distant entry, however it is extremely annoying.
We fastened this drawback final evening and have been testing the fixes and searching for different issues since then. Version 2.8.4 which fixes all known problems is now available for download and is extremely really useful for all customers of WordPress.