[wp-trac] [WordPress Trac] #10735: CVE-2008-6767 patch: Only admin can upgrade wordpress
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 12 07:45:20 UTC 2009
#10735: CVE-2008-6767 patch: Only admin can upgrade wordpress
-----------------------------+----------------------------------------------
Reporter: Derevko | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9
Component: Upgrade/Install | Version:
Severity: normal | Keywords: has-patch
-----------------------------+----------------------------------------------
Comment(by Derevko):
Replying to [comment:1 scribu]:
> You should use 'administrator' instead of 'level_10'.
The original patch did have 'administrator', but a user point me the fact
that sometimes the administrator default account could not exist or
renamed for security hardening
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10735#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list