Opened 5 years ago
Closed 5 years ago
#49598 closed defect (bug) (invalid)
Create users under administrator authority. important!
Reported by: | diziwatch | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
Hello. When I entered the administration panel today, I saw a new user. The user appeared as an administrator. this https://imgur.com/a/qel0sHS .I immediately checked the registration dates of the user from the server logs. There is facebook profile information in the edit profile section in my theme.
The user entered the following in this section. this https://pastebin.com/uxxdbkTW.
then i checked the js link written in the code. that file is here
https://pastebin.com/EWCtRTSQ. I think there is a vulnerability in the user-new.php file. Or there is a deficit in my theme, I wanted to report this. I hope you get back to me. good work.
Change History (1)
Note: See
TracTickets for help on using
tickets.
Hello @diziwatch, welcome to WordPress Trac!
Thank you for the report.
We're unable to help you with your site on this Trac. Please take a look at the FAQ My site was hacked in our support section or try the support forums to get help with your site: https://wordpress.org/support/forums/.