Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform.
The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress of WordPress MU (multiple user) installation. Read the full story [zdnet.com] Also see ISC SANS diary entry [sans.org]