[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Thu Mar 30 15:33:23 UTC 2023
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------+-----------------------------
Reporter: kraftbj | Owner: SergeyBiryukov
Type: feature request | Status: reviewing
Priority: normal | Milestone: Future Release
Component: Security | Version:
Severity: major | Resolution:
Keywords: has-patch needs-refresh | Focuses: administration
-------------------------------------+-----------------------------
Comment (by stevejburge):
I think it's worth continuing this discussion. This loophole came up again
this week in an Elementor vulnerability.
https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-
wordpress-elementor-pro-plugin/
It might not have entirely mitigated this vulnerability, but it can't hurt
to remove "Administrator" by default.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:30>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list