Lack of Password Confirmation when Changing Password and Email
W
WordPress
Submitted None
Actions:
Reported by
0xspade
Vulnerability Details
Technical details and impact analysis
Hello Team,
I noticed that it is not necessary to put your Password when Changing Emails, Password, etc..
which is easy to an attacker to Change it's Victim's Credentials when he hijack or takeover an account on wordpress forum account.
Let me know if you need more information.
Best Regards,
Report Details
Additional information and metadata
State
Closed
Substate
Duplicate