Opened 6 years ago
Closed 5 years ago
#47412 closed defect (bug) (invalid)
home pages of sites under maintenance can be displayed by adding /?wp-login.php to url
Reported by: | sportair | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
I have discovered by accident that adding /?wp-login.php to the url of a site in maintenance mode allows the site home page to be displayed. no further navigation is possible.
Since discovering this today I have successfully displayed the home page on several different sites while in maintenance mode.
Regards
Chris
Change History (1)
Note: See
TracTickets for help on using
tickets.
Hi @sportair,
WordPress doesn't include any Maintenance Mode functionality by default, so I'm assuming the sites in question are using a plugin.
This trac isn't for reporting security issues, let alone plugin security issues.
For details on how to report such issues, please see these handbooks:
https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/
https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/