Wordpress Admin Password Reset Vulnerability(情報元のブックマーク数)
WordpressにAdminパスワードをリセットされる脆弱性が存在とのこと、CSRFの脆弱性かな?
"Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner." - Wordpress.org
Wordpress Admin Password Reset Vulnerability
User's are urged to upgrade to 2.8.4 immediately. Additional details can be found below.