WordPress has a PHP script named emergency.php
which is designed to help sites administrators reset their passwords as a last resort.
When exposed with the web application, this file can allow a remote and unauthenticated attacker to perform a password reset of the administrator account.
No source data