WordPress prior to 4.4 makes it easier for remote malicious users to predict password-recovery tokens via a brute-force approach.
wordpress wordpress