A researcher has disclosed the details of a WordPress vulnerability that can be exploited by an unauthenticated attacker to reset a targeted user’s password. The flaw was reported to WordPress months ago, but it still has not been patched.
Article Link: http://feedproxy.google.com/~r/Securityweek/~3/qtdIV0Gzxiw/unpatched-wordpress-password-reset-flaw-disclosed