wp_insert_user allows a user to be created with empty passwords
|Reported by:||ancawonka||Owned by:|
While looking at the different files where user information is created, I noticed that there are some differences between wp_insert_user(programmatic creation of users) and edit_user (called from the admin).
wp_insert_user assumes that a user_pass parameter is included, which creates a user with no password.
Change History (12)
- Cc cklosowski@… added
- Keywords has-patch needs-testing added; needs-refresh removed