Let’s say you have your WordPress server set up (running on IP address 192.168.1.100) to access a MySQL database named wordpressdb on the MySQL server with user wpadmin.

Not only have you configured MySQL 8 for remote connections, you’ve also created a user with access to all databases and connected to the remote server with both the command line and a GUI.

But in the affected versions of MariaDB and MySQL, as MontyProgram's Sergei Golubchik wrote in a list posting on June 9, the database can be fooled into accepting a password even if it doesn't match.