Security : wp-admin/users.php No role user can list all wp users
|Reported by:||devil1591||Owned by:||westi|
|Priority:||highest omg bbq||Milestone:||2.1|
|Severity:||critical||Keywords:||security users.php has-patch|
A simple user, even without role can list every WP users.
- Just login to WP with a basic account
- Type /wp-admin/users.php at the end of the URL
Then it lists every users, with email and others...
Change History (5)
- Keywords has-patch added
- Owner changed from anonymous to westi
- Status changed from new to assigned
- Version set to 2.1
Note: See TracTickets for help on using tickets.