[wp-trac] [WordPress Trac] #25651: wp_mail not setting Sender and Reply-To headers, exposing hosting account info on some cPanel servers
WordPress Trac
noreply at wordpress.org
Mon Oct 21 18:09:20 UTC 2013
#25651: wp_mail not setting Sender and Reply-To headers, exposing hosting account
info on some cPanel servers
----------------------------+-----------------------------
 Reporter:  MaximumResults  |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  General         |    Version:  3.6.1
 Severity:  major           |   Keywords:
----------------------------+-----------------------------
When WordPress and WordPress plugins send emails using wp_mail() in
wp-includes/pluggable.php, the "Sender:" and "Reply-to:" headers are not
being set. When this happens on cPanel-based hosting services, the mail
headers on the resulting emails expose the hosting account login name and
the hosting server in the hosting service's name space (something like
myccount at host99.myhostingservice.com). This provides everything necessary
to access the hosting account as the owner of the account, except the
password. Registrants on a site should not be provided this information.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25651>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
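
A site owner can check whether outgoing mail carries the kind of address the ticket describes by auditing the headers of a received message. The script below is an added example, not code from the ticket or from WordPress; it assumes the account address shows up in Return-Path, Sender, or the envelope-from note of a Received header, and the sample message and its host names are constructed.

```python
import email
import re
from email.utils import getaddresses, parseaddr

# Constructed sample (not from the ticket): From is the site address, while
# the envelope sender fell back to the local hosting account on the server.
SAMPLE = """\
Return-Path: <acctname@host99.example-hosting.test>
Received: from acctname by host99.example-hosting.test with local (Exim)
\t(envelope-from <acctname@host99.example-hosting.test>)
\tid 1ABCDE-000000-00; Mon, 21 Oct 2013 18:00:00 +0000
From: WordPress <wordpress@blog.example.test>
Sender: acctname@host99.example-hosting.test
To: registrant@mail.example.test
Subject: Your username and password

body
"""

ENVELOPE_FROM = re.compile(r"envelope-from\s+<([^>]+)>", re.I)


def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()


def leaked_senders(raw):
    """Return sorted (header, address) pairs whose domain differs from From."""
    msg = email.message_from_string(raw)
    from_domain = domain(parseaddr(msg.get("From", ""))[1])
    found = set()
    # Headers the receiving side sees that are derived from the envelope sender.
    for name in ("Return-Path", "Sender"):
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr and domain(addr) != from_domain:
                found.add((name, addr))
    # MTAs often record the envelope sender inside Received headers as well.
    for received in msg.get_all("Received", []):
        for addr in ENVELOPE_FROM.findall(received):
            if domain(addr) != from_domain:
                found.add(("Received", addr))
    return sorted(found)


if __name__ == "__main__":
    for header, addr in leaked_senders(SAMPLE):
        print(f"{header}: {addr}")
```

An empty result means every sender-related address stays within the From domain; any entry is a header to fix at the mailer or MTA level.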