08-11-2009, 12:19 PM
tonyparra
Quote:
Originally Posted by fris
Before you make posts saying shit please understand this exploit before you go all bananas.

You can reset the admin password without confirmation, but you don't know the password, and unless you have access to the admin email account it does nothing.

http://www.milw0rm.com/exploits/9410

Proof of concept



Already a fix out, so don't cry about having to upgrade all the time, if you don't like the product, don't use it, simple.

fix, edit 1 line of the code

http://core.trac.wordpress.org/changeset/11798

I don't use admin on any WordPress site