Bug Type: Session Management[Session invalidation ] | ww.wp.xz.cn

Resolved garybrindley
(@garybrindley)

5 years, 7 months ago
We received an email from “The Ethical Hacker” this morning saying:

[security content removed]

I don’t know if this is genuine but didn’t want to post it directly as a bug to Core Team. It seems too obvious to have been missed? Is this real or is this something doing the rounds?
- This topic was modified 5 years, 7 months ago by James Huff. Reason: security content removed
The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

Moderator James Huff
(@macmanx)

5 years, 7 months ago

That doesn’t seem valid to me, or at the very least it would require Administrator access to the site to begin with, at which point you can do anything anyway by design.

But, just to be safe, please report it following the steps at https://make.ww.wp.xz.cn/core/handbook/testing/reporting-security-vulnerabilities/

Thread Starter garybrindley
(@garybrindley)

5 years, 7 months ago

Ok, thanks

steveindzine
(@steveindzine)

5 years, 6 months ago

Hi @garybrindley one of my clients received the same email as you. Were you able to report it and get a reply?

Steve

Thread Starter garybrindley
(@garybrindley)

5 years, 6 months ago

Hi @steveindzine I didn’t report it in the end. After we examined it a while longer we realised no ethical hacker would write an email in that way so we didn’t bother the devs with it.

steveindzine
(@steveindzine)

5 years, 6 months ago

That makes sense. When I googled some of the wording an identical email was sent to someone about Prestashop so I had my doubts. I was going to try to report this email myself but I didn’t seem to fit the criteria for the report.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Bug Type: Session Management[Session invalidation ]’ is closed to new replies.

In: Fixing WordPress
5 replies
3 participants
Last reply from: steveindzine
Last activity: 5 years, 6 months ago
Status: resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics