id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 25651 wp_mail() not setting Sender and Reply-To headers, exposing hosting account info on some cPanel servers MaximumResults "When WordPress and WordPress plugins send emails using wp_mail() in wp-includes/pluggable.php, the ""Sender:"" and ""Reply-to:"" headers are not being set. When this happens on cPanel based hosting services, the mail headers on the resulting emails expose the hosting account login name and the hosting server in the hosting service's name space (something like myccount@host99.myhostingservice.com ). This provides everything necessary to access the hosting account as the owner of the account, except the password. Registrants on a site should not be provided this information. " defect (bug) closed normal Mail 3.6.1 major duplicate