CVE-2014-6412
CVE-2014-6412 affects WordPress prior to 4.4, where the password-recovery token generation is vulnerable due to weak randomness. This can enable remote attackers to brute-force or predict tokens, potentially compromising password resets. Reports across multiple feeds (NVD entry, Ubuntu/Debian adv...