Make WordPress Core

Opened 9 months ago

Closed 7 months ago

#59571 closed enhancement (duplicate)

Summary: No rate limit check on Reset forgot password which can lead to mass mailing and spamming of users and possible employees A little bit about Rate Limit

Reported by: princegill
Owned by:
Milestone:
Priority: normal
Severity: critical
Version:
Component: Users
Keywords:
Focuses:
Cc:


Browsers Verified In:
Steps To Reproduce:
1. Registered account

2. Go to

3. Enter email, Send Reset Instructions, check mail and reset password

4. Wait 5 to 10 min, open the same link and reset the password again

5. Boom.....✹

Attachments (1)

poc.mp4 (8.3 MB) - added by princegill 9 months ago.

Change History (2)

9 months ago

#1 @SergeyBiryukov
7 months ago

  • Component changed from General to Users
  • Focuses rest-api removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #12682.
