[wp-trac] [WordPress Trac] #49598: Create users under administrator authority. important!
WordPress Trac
noreply at wordpress.org
Sun Mar 8 14:06:04 UTC 2020
#49598: Create users under administrator authority. important!
--------------------------+-----------------------------
Reporter: diziwatch | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.3.2
Severity: critical | Keywords:
Focuses: |
--------------------------+-----------------------------
Hello. When I entered the administration panel today, I saw a new user.
The user appeared as an administrator: https://imgur.com/a/qel0sHS . I
immediately checked the registration dates of the user from the server
logs. There is Facebook profile information in the edit profile section in
my theme.
The user entered the following in this section:
https://pastebin.com/uxxdbkTW .
Then I checked the JS link written in the code. That file is here:
https://pastebin.com/EWCtRTSQ . I think there is a vulnerability in the
user-new.php file. Or there is a deficit in my theme. I wanted to report
this. I hope you get back to me. Good work.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49598>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform