[wp-trac] [WordPress Trac] #61968: Explaining a vulnerability in all versions of WordPress that allows access to the site's control panel

WordPress Trac noreply at wordpress.org
Sat Aug 31 22:44:27 UTC 2024


#61968: Explaining a vulnerability in all versions of WordPress that allows access
to the site's control panel
--------------------------+-----------------------------
 Reporter:  houssam23i    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Users         |    Version:  6.6.1
 Severity:  critical      |   Keywords:  needs-patch
  Focuses:                |
--------------------------+-----------------------------
 I will explain to you a vulnerability that I found in all versions of
 WordPress that allows access to the control panel for WordPress sites.

 The first thing I did was target a large site with a large number of users;
 then I used some tools to extract the emails of the users on the site.

 Then I filtered the email accounts I found by sending them an email. Here I
 found that many of the email accounts were not working; I then checked them
 manually and found that they were actually available.

 I took the name of the email account from the email I found and opened an
 email account with the same name, and this enabled me to change the user
 password and access the site panel.

 I reported the vulnerability to the site owner and he changed all the
 available email accounts that were not working.

 But ordinary WordPress users do not have enough experience to know that
 putting an email account name in the user information allows anyone to
 access their sites, and this problem can be solved by modifying the Add My
 Email element.

 And only allow adding an email that works and belongs to the user, by
 sending an activation code to the email.

 The explanation is long, I know, but it is worth it. I hope this error will
 be fixed to protect users' sites and to provide a safe environment.

 Note that during my examination I found many sites where I could find at
 least an email or two available.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61968>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
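One check a site operator can run against the scenario described in this ticket, added here as an example and not part of the ticket or of WordPress itself: export the user list (for instance with `wp user list --fields=user_login,user_email --format=csv`) and flag every account whose email domain no longer has an MX record, because a password-reset mail for such a user would be delivered to whoever registers that lapsed domain. The sample export and the MX answers below are constructed, and `fake_mx_lookup` stands in for a live DNS query (in real use you would pass a function backed by dnspython's `dns.resolver.resolve(domain, 'MX')`). It does not catch the exact case the reporter describes, a dead mailbox at a provider whose domain still works; that needs a bounce or deliverability check against the mailbox itself.

```python
"""Audit WordPress user e-mail addresses for dangling (mail-less) domains.

Example code, not part of WordPress or of the ticket. The CSV mimics the
output of `wp user list --fields=user_login,user_email --format=csv`; the
logins, addresses, domains and MX answers are all constructed.
"""
import csv
import io
import re
from typing import Callable, Dict, List

# Constructed sample export (invented logins and addresses).
SAMPLE_CSV = """user_login,user_email
admin,owner@example.com
editor1,jane@defunct-startup.example
author2,bob@mail-provider.example
contributor3,not-an-address
"""

# Constructed DNS answers: domain -> MX hostnames. A domain missing here is
# treated as NXDOMAIN / no MX: nobody receives mail there today, so whoever
# registers the domain would receive this user's password-reset link.
FAKE_MX: Dict[str, List[str]] = {
    "example.com": ["mx1.example.com"],
    "mail-provider.example": ["mx.mail-provider.example"],
}

# Deliberately loose: we only need the domain part, not full RFC 5322 parsing.
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def fake_mx_lookup(domain: str) -> List[str]:
    """Stand-in for a live MX query; returns [] when the domain has no MX."""
    return FAKE_MX.get(domain.lower(), [])


def classify(email: str, mx_lookup: Callable[[str], List[str]]) -> str:
    """Return 'ok', 'no-mx' (dangling domain) or 'malformed' for one address."""
    match = EMAIL_RE.match(email.strip())
    if not match:
        return "malformed"
    if not mx_lookup(match.group(1)):
        return "no-mx"
    return "ok"


def audit(csv_text: str,
          mx_lookup: Callable[[str], List[str]] = fake_mx_lookup
          ) -> Dict[str, List[str]]:
    """Group user logins from a `wp user list` CSV export by e-mail risk class."""
    report: Dict[str, List[str]] = {"ok": [], "no-mx": [], "malformed": []}
    seen: Dict[str, str] = {}  # cache so each domain is resolved once
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["user_email"]
        if email not in seen:
            seen[email] = classify(email, mx_lookup)
        report[seen[email]].append(row["user_login"])
    return report


if __name__ == "__main__":
    # Accounts under 'no-mx' need their e-mail corrected before an attacker
    # can pick up the domain; 'malformed' ones cannot receive a reset at all.
    for category, logins in audit(SAMPLE_CSV).items():
        print(f"{category}: {', '.join(logins) or '-'}")
```

Run it against a real export by passing a dnspython-backed lookup to `audit()`; treat every login under `no-mx` as an account-takeover candidate and fix its address (or force a password reset through another channel) before the domain can be re-registered.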

