Public CVE-2014-6169 disclosure

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.