CVE-2014-6412

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.