The attackers can change an arbitrary userβs password to a random value by registering a similar username and then requesting a password reset, related to a βSQL column truncation vulnerability.β, because this WordPress does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames.
Update WordPress.