WordPress.org

Make WordPress Core

#49598 closed defect (bug) (invalid)

Create users under administrator authority. important!

Reported by: diziwatch
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: General
Keywords:
Focuses:
Cc:

Description

Hello. When I entered the administration panel today, I saw a new user. The user appeared as an administrator: https://imgur.com/a/qel0sHS. I immediately checked the registration dates of the user from the server logs. There is Facebook profile information in the edit profile section in my theme.
The user entered the following in this section: https://pastebin.com/uxxdbkTW.
Then I checked the JS link written in the code. That file is here:
https://pastebin.com/EWCtRTSQ. I think there is a vulnerability in the user-new.php file, or there is a deficit in my theme. I wanted to report this. I hope you get back to me. Good work.

Change History (1)

#1 @ocean90
13 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Severity changed from critical to normal
  • Status changed from new to closed
  • Version 5.3.2 deleted

Hello @diziwatch, welcome to WordPress Trac!

Thank you for the report.
We're unable to help you with your site on this Trac. Please take a look at the FAQ "My site was hacked" in our support section or try the support forums to get help with your site: https://wordpress.org/support/forums/.
