On May 3, 2017, the open-source CMS software WordPress was revealed to have a password reset vulnerability. The vulnerability affects all versions of WordPress and may cause data leakage.
See the following for more information about the vulnerability.
Password reset vulnerability in WordPress Core 4.7.4 and earlier versions
The WordPress password reset vulnerability allows an attacker to directly obtain the password reset link without authentication in some cases. The attacker may obtain unauthorized access to WordPress accounts, resulting in data leakage.
Condition and method of exploitation
WordPress Core <= 4.7.4
How to fix or mitigate
Track the latest official WordPress release and upgrade WordPress promptly.
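To find which installs on a host fall in the affected range stated above, the following added example (not part of the original advisory) reads `$wp_version` from each `wp-includes/version.php` under a directory and compares it with 4.7.4. The function names and the sample tree are constructed for illustration; pre-release suffixes are ignored in the comparison.

```python
import re
import sys
import tempfile
from pathlib import Path

AFFECTED_MAX = (4, 7, 4)  # range stated in the advisory: WordPress Core <= 4.7.4
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def version_tuple(version):
    """'4.7' -> (4, 7, 0); '4.7.4-RC1' -> (4, 7, 4); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None

def classify(version):
    parsed = version_tuple(version)
    if parsed is None:
        return "UNKNOWN"  # missing or odd version string: review by hand
    return "AFFECTED" if parsed <= AFFECTED_MAX else "NOT_IN_RANGE"

def scan(root):
    """Return [(install_dir, version, status)] for each WordPress core under root."""
    findings = []
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        m = VERSION_RE.search(vfile.read_text(errors="replace"))
        version = m.group(1) if m else None
        install = str(vfile.parent.parent.relative_to(root))
        findings.append((install, version, classify(version)))
    return findings

def build_sample_tree(root):
    """Write constructed sample installs (not real sites) under root."""
    samples = {"blog": "4.7.4", "shop": "4.7", "intranet": "4.8.1", "broken": None}
    for name, ver in samples.items():
        inc = Path(root, name, "wp-includes")
        inc.mkdir(parents=True)
        body = f"<?php\n$wp_version = '{ver}';\n" if ver else "<?php\n// truncated\n"
        (inc / "version.php").write_text(body)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = scan(sys.argv[1])
    else:  # no path given: demonstrate on the constructed tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            rows = scan(tmp)
    for install, version, status in rows:
        print(f"{status:12} {version or '?':10} {install}")
```

Pass a web root as the first argument to scan real installs; `UNKNOWN` rows mean the version file could not be parsed and should be checked by hand.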