[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621

To: vuln@xxxxxxxxxxx, security@xxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
From: Sven Kieske <svenkieske@xxxxxxxxx>
Date: Thu, 04 Jul 2013 11:56:34 +0200

Hi,

the mentioned User account Enumeration Weakness
stated in Advisory https://secunia.com/advisories/23621/
still exists in the actual version 3.5.2 .

The corresponding trac entry for wordpress is closed as
"wontfix":
https://core.trac.wordpress.org/ticket/1129

Why?

Maybe, because the trac bug mentions just version 1.5 as affected?

I can easily reproduce this in version 3.5.2 .

Please fix this, this bug is 8 years old!

Kind Regards

Sven Kieske

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: "><script>alert(1)</script>
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: Ivan Carlos

Prev by Date: Re: [Full-disclosure] tor vulnerabilities?
Next by Date: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
Previous by thread: Re: [Full-disclosure] DDoS attacks via other sites execution tool
Next by thread: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
Index(es):
- Date
- Thread