Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#27492 closed defect (bug) (invalid)

I am able to hack the website ( http://www.gktw.org/ ) which is NOT my website

Reported by: ovikassingho Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.9
Component: Login and Registration Keywords:
Focuses: Cc:


I am able to hack the website ( http://www.gktw.org/ ) which is NOT my website.


  1. Goto the website wordpress login page i.e " http://www.gktw.org/blog/wp-login.php "
  2. Click on " Lost your password? " option
  3. Click on " Register " option


Directly Goto Register page i.e

" http://www.gktw.org/blog/wp-login.php?action=register "

  1. I entered username as " ovikassingho " & my email id " ovikassingho@… " and clicked Register
  2. After that I received an email from wordpress regarding my Userid and Password

So I request you to unlink the website " http://www.gktw.org/ " from my User ID i.e " ovikassingho " and my email " ovikassingho@… " , As I am not the owner of the website " http://www.gktw.org/ "

Attachments (2)

wp2.png (193.5 KB) - added by ovikassingho 6 years ago.
email that I received
WP1.png (69.0 KB) - added by ovikassingho 6 years ago.

Download all attachments as: .zip

Change History (3)

6 years ago

email that I received

6 years ago

#1 @SergeyBiryukov
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Registering on a site with open registration is not a hack.

We don't have access to standalone WordPress sites. The only person who can delete your profile is the site owner.

Please do not report "security issues" publicly. We encourage responsible, private disclosure of security issues in part so invalid reports do not spread.

Note: See TracTickets for help on using tickets.