id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
15286	can reset admin password by adminajax.php	rYokiNG		"when you type ""/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469"";

and refresh 3 time admin password just reset,

i have video for this report but can't attach it big file.

{{{
require_once('../wp-load.php');
> 
> if ( ! isset( $_REQUEST['action'] ) )
> die('-1');
> 
> require_once('./includes/admin.php'); //load admin.php already
> @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
> send_nosniff_header();
> 
> do_action('admin_init');
> 
> if ( ! is_user_logged_in() ) { //check after
> 
> if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
> $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
> 
> if ( ! $id )
> die('-1');
}}}"	defect (bug)	closed	normal		Administration	3.0.1	critical	worksforme	reporter-feedback