WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
mitre·CWE-640·Published 2018-04-12