Turns out that WordPress versions 2.8.0-2.8.3 have a security issues that allows anyone, and I mean anyone, to reset your admin password in just minutes and log into your site!
Seems WordPress 2.8.4 was released just to plug this hole. So, if you’ve not done so already, get to upgrading your WordPress blog today before someone compromises your site!
Read the details here: WP Admin Vulnerability
