[wp-trac] [WordPress Trac] #61968: Explaining a vulnerability in all versions of WordPress that allows access to the site's control panel
WordPress Trac
noreply at wordpress.org
Sat Aug 31 22:44:27 UTC 2024
#61968: Explaining a vulnerability in all versions of WordPress that allows access
to the site's control panel
--------------------------+-----------------------------
Reporter: houssam23i | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 6.6.1
Severity: critical | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
I will explain to you a vulnerability that I found in all versions of
WordPress that allows access to the control panel for WordPress sites.
First thing I did was target a large site with a large number of users,
then I used some tools to extract the emails of the users on the site.
Then I filtered the email accounts I found by sending them an email, and
here I found that many of the email accounts were not working, and then I
checked them manually and found that they were actually available.
I took the name of the email account from the email I found and opened an
email account with the same name, and this enabled me to change the user
password and access the site panel.
I reported the vulnerability to the site owner and he changed all the
available email accounts that were not working.
But ordinary WordPress users do not have enough experience to know that
putting an email account name in the user information allows anyone to
access their sites, and the solution to this problem is to modify the
"Add My Email" element so that it only allows adding an email that works
and belongs to the user, by sending an activation code to that email.
The explanation is long, I know, but it is worth it. I hope this error will
be fixed to protect users' sites and to provide a safe environment.
Note that during my examination I found many sites where I can at least
find an email or two available.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61968>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
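A defensive counterpart to the reporter's suggestion, added here as an example and not part of the ticket or of WordPress core: a must-use plugin that refuses to save a user email whose domain no longer has MX or A records, plus a WP-CLI audit that lists existing accounts with such addresses. The function and command names (`example_email_domain_resolves`, `user-email-audit`) are assumptions, as is the mu-plugins install location.

```php
<?php
/**
 * Plugin Name: Reject undeliverable user emails (added example, not WordPress core)
 * Assumption: dropped into wp-content/mu-plugins/ on a site with outbound DNS.
 */

// Return true when the domain part of $email has an MX or A record, i.e. mail
// to it can at least be routed. Constructed helper; returns false for malformed input.
function example_email_domain_resolves( $email ) {
    if ( ! is_email( $email ) ) {
        return false;
    }
    $domain = substr( strrchr( $email, '@' ), 1 );
    return checkdnsrr( $domain, 'MX' ) || checkdnsrr( $domain, 'A' );
}

// Block profile saves (own profile or admin edit) that set an address at a domain
// that no longer resolves. Core's change-confirmation mail could never arrive there,
// and a password reset for that account would go to whoever later owns the domain.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( ! empty( $user->user_email ) && ! example_email_domain_resolves( $user->user_email ) ) {
        $errors->add(
            'undeliverable_email',
            __( '<strong>Error:</strong> The email domain does not accept mail; please use a working address.' )
        );
    }
}, 10, 3 );

// Audit command for existing accounts: wp user-email-audit
// Lists users whose address sits on a domain with no MX/A record.
if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::add_command( 'user-email-audit', function () {
        $flagged = array();
        foreach ( get_users( array( 'fields' => array( 'ID', 'user_login', 'user_email' ) ) ) as $u ) {
            if ( ! example_email_domain_resolves( $u->user_email ) ) {
                $flagged[] = array( 'ID' => $u->ID, 'login' => $u->user_login, 'email' => $u->user_email );
            }
        }
        if ( empty( $flagged ) ) {
            WP_CLI::success( 'All user email domains resolve.' );
            return;
        }
        WP_CLI\Utils\format_items( 'table', $flagged, array( 'ID', 'login', 'email' ) );
        WP_CLI::warning( count( $flagged ) . ' account(s) have undeliverable email domains; ask the owners to update them.' );
    } );
}
```

The DNS check catches lapsed or expired domains but not a deleted mailbox at a provider that is still live, which is the case the reporter describes; for that, periodic re-verification of the address (an activation code, as suggested above) remains the fix.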