[wp-trac] [WordPress Trac] #49315: Critical vurnelability - logging in with username and password of another wordpress web site
WordPress Trac
noreply at wordpress.org
Tue Jan 28 17:55:38 UTC 2020
#49315: Critical vurnelability - logging in with username and password of another
wordpress web site
--------------------------+-----------------------------
Reporter: smartwater | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hi there,
I have three wordpress web sites all three of them hosted by the same web
hosting company.
Yesterday I noticed I logged in as administrator to web site #3 using user
name and password of my web site #1.
I use opera browser, I saved those user names and passwords within Opera
browser and for some weird reason opera offered me user name and password
of my web site #1 when I wanted to log into web site #3. And it worked.
I am not very proficient with programming etc but things like that should
not happen.
I use Wordfence plugin also another 2-3 plugins.
I hope this information will be useful.
Regards,
Milorad
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49315>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list