[wp-trac] [WordPress Trac] #3410: Security : wp-admin/users.php No
role user can list all wp users
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 30 10:29:48 GMT 2006
#3410: Security : wp-admin/users.php No role user can list all wp users
-----------------------+----------------------------------------------------
Reporter: devil1591 | Owner: anonymous
Type: defect | Status: new
Priority: highest | Milestone: 2.1
Component: Security | Version:
Severity: critical | Keywords: security users.php
-----------------------+----------------------------------------------------
A simple user, even without role can list every WP users.
- Just login to WP with a basic account
- Type /wp-admin/users.php at the end of the URL
Then it lists every users, with email and others...
--
Ticket URL: <http://trac.wordpress.org/ticket/3410>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list