WordPress.org

Make WordPress Core

Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#48895 closed defect (bug) (duplicate)

Anyone is able to access wp-admin to update the database when I update the core using wp-cli.

Reported by: ixkaito Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Database Keywords:
Focuses: administration Cc:

Description

If I updated the core which requires database update via wp-cli, anyone would be able to access https://example.com/wp-admin/ to update the database without login.

Change History (3)

#1 @dkarfa
8 months ago

Hi @ixkaito,
Can you give more context about it?
Thx

#2 @jeremyfelt
8 months ago

  • Component changed from Security to Database
  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @ixkaito, thanks for opening a ticket.

I'm going to close this as a duplicate of #3901, as this is working as expected/designed and is not a security issue. Please see previous discussions on #3901 and #34200 for more background on the decision.

#3 @ixkaito
8 months ago

Thank you @jeremyfelt . I got it.

Note: See TracTickets for help on using tickets.