[wp-trac] [WordPress Trac] #48563: Changing site admin email address is backwards

WordPress Trac noreply at wordpress.org
Tue Apr 27 00:11:02 UTC 2021

#48563: Changing site admin email address is backwards
 Reporter:  maguijo      |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Users        |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  2nd-opinion  |     Focuses:  administration

Comment (by m0ze):


 > As it stands, I as a hacker can change the address to my address and it
 is my address that received the email requesting acknowledgement, not

 You know, you can change the Network Admin Email on the /wp-
 admin/options.php page **w/o any confirmations** (''admin_email'' and
 ''new_admin_email'' input fields), so it's definitely not a security

Ticket URL: <https://core.trac.wordpress.org/ticket/48563#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list