WordPress Releases Version 2.6.2

WordPress has released version 2.6.2 to address multiple vulnerabilities.

These vulnerabilities are due to SQL column truncation and weaknesses in random number generation.

Combined, these vulnerabilities may allow an attacker to reset a user’s password and possibly predict the newly generated password.

On a system running WordPress with open registration enabled, exploitation of these vulnerabilities could permit an attacker to gain access under the context of a legitimate user.

Users of WordPress are urged to either log in and update their WordPress accounts or visit one of the pages below for more information.

http://wordpress.org/download/

http://wordpress.org/development/2008/09/wordpress-262/
