WordPress 2.8.4 has been released to patch a new WordPress vulnerability. A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. If you’re running the 2.8 branch, make sure to update your blog.