The following advisory describe Unauthorized Password Reset vulnerability found in WordPress version 4.3.1.
WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and when you’re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. Over 60 million people have chosen WordPress to power the place on the web they call “home” — we’d love you to join the family
An independent security researcher, Dawid Golunski, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
We notified WordPress about the vulnerabilities back in June 2016, repeated attempts to re-establish contact and get some answers on the status of the patch for this vulnerability went unanswered. At this time there is no solution or workaround for this vulnerability.