WordPress has released version 2.6.2 to address multiple vulnerabilities. These vulnerabilities are due to SQL column truncation and weaknesses in random number generation. Combined, these vulnerabilities may allow an attacker to reset a user's password and possibly predict the newly generated password. Exploitation of these vulnerabilities could permit an attacker to gain access to a system running WordPress with open registration enabled under the context of a legitimate user.

US-CERT encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.6.2 as necessary.

Read more: US-CERT Current Activity