holy security breach, batman!! If I forward my email ANYONE can change my settings

  • I received an email from a blog I’m subscribed to this morning. It was a cool article, so I forwarded it to a friend. My friend decided he wanted to ‘follow’ the same blog, so he clicked the links at the bottom of the email.
    He was then able to MANAGE all of MY subscriptions and even change the email address on my account!?!??!?!?

    This is the link that is included in the email from the blog: https://subscribe.wordpress.com/?email=jason%40madcowweb.com

    How in the world is this possible?? I was not even logged in at the time. This can’t be the actual way your software works, is it? That anyone can manage everyone else’s account just by nature of the email that is sent?!?!?

    Looking forward to a reply!!

  • And now, like a dumbass, I put that link in this forum… Sooooooo I guess I’m cancelling my account now.

    WTF!?!?

  • That link is to view and manage your subscriptions on the account. The only way that anyone can change the email address on your account is if they actually gain access to your email account to approve the change with the confirmation that we send.

    Best practice is to enable two-factor authentication on both the WordPress.com account and your email account.

    https://wordpress.com/support/security/two-step-authentication/