CVE-2014-6412by Jeremyin Security Bulletinson Posted on April 15, 2018 WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.