Upgrade Your WordPress to 2.8.4!
If you are still running an outdated WordPress release between versions 2.8 and 2.8.3, please update it to the latest version.
There is a vulnerability in these versions where a person without the admin e-mail address may reset the admin password.
Normally, when you forget your password, you will visit the following: http://[wordpress hosted site]/wp-login.php?action=lostpassword
Then you will receive a reset confirmation mail like below:
Someone has asked to reset the password for the following site and username.
http://[wordpress hosted site]
Username: admin
To reset your password visit the following address, otherwise just
ignore this email and nothing will happen
http://[wordpress hosted site]/wp-login.php?action=rp&key=<key>
When you click the link, a reset password is sent to you.
However, there is a way to reset the password that bypasses both the need to input your e-mail and the e-mail validation step.
A person just needs to enter this in the URL bar to initiate the reset:
http://[wordpress hosted site]/wp-login.php?action=rp&key[]=
Yes, your password is reset right away without e-mail validation.
So, my advice is to update to the latest version, 2.8.4, where this vulnerability is patched.



mine is already latest
That’s good.