id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
15286,can reset admin password by adminajax.php,rYokiNG,,"when you type ""/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469"";

and refresh 3 time admin password just reset,

i have video for this report but can't attach it big file.

{{{
require_once('../wp-load.php');
> 
> if ( ! isset( $_REQUEST['action'] ) )
> die('-1');
> 
> require_once('./includes/admin.php'); //load admin.php already
> @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
> send_nosniff_header();
> 
> do_action('admin_init');
> 
> if ( ! is_user_logged_in() ) { //check after
> 
> if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
> $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
> 
> if ( ! $id )
> die('-1');
}}}",defect (bug),closed,normal,,Administration,3.0.1,critical,worksforme,reporter-feedback,