Researchers are sounding the alarm over a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation. Read the full story in the ISC SANS diary entry [sans.org]. Also see ISC.com: Vulnerability is a serious problem for the latest edition of WordPress.
Source: https://threatpost.com/wordpress-hit-password-reset-vulnerability-081109/72246/

