[wp-trac] [WordPress Trac] #48563: Changing site admin email address is backwards
WordPress Trac
noreply at wordpress.org
Tue Apr 27 00:11:02 UTC 2021
#48563: Changing site admin email address is backwards
-------------------------+------------------------------
Reporter: maguijo | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses: administration
-------------------------+------------------------------
Comment (by m0ze):
@lars2923
> As it stands, I as a hacker can change the address to my address and it
is my address that received the email requesting acknowledgement, not
yours.
You know, you can change the Network Admin Email on the /wp-
admin/options.php page **w/o any confirmations** (''admin_email'' and
''new_admin_email'' input fields), so it's definitely not a security
measure.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48563#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list