EPSS
Percentile
85.4%
WordPress is vulnerable to information disclosure. The vulnerability exists because the attackers can expose password-recovery token using the brute-force technique.
core.trac.wordpress.org/attachment/ticket/28633/28633.3.patch
core.trac.wordpress.org/ticket/28633