Serious security defect detected on WordPress.com
-
Hi. Today I logged into my wordpress.com account and…
something VERY very bad happened... I was “logged” but as a different user!
I was able to edit all the site’s posts, content, settings, see billing information. It happens that this site I was able to see belongs to someone from my same city. I can 100% confirm that neither my account nor I have anything to do with this site…
So basically, guys, I have been waiting 40 mins for support to give me a reply on the “slider chat” on the bottom left of the screen. This is a VERY serious issue!!!
I’m not sure how many users are impacted by this problem.
But, imagine if this is happening to more than 1 person… it can be very very bad news!!! I can share more details with support if there is any channel to send details like cookies or session ID, let me know.
-
In a totally personal computer, I have never used that user’s account, don’t know him at all.
I was able to view all these personal details and I was able to click any part of the dashboard and use it.
OFC nothing has been done and I have notified the owner of this site about the issue so that he is aware of this…
-
@mutantecosmico: I sent you an email to the email address on file for your account with the subject line “[WordPress.com] Following up on your forums thread” asking for more details.
Please continue this correspondence via email. Thanks!
-
I sent it again just now to be sure. If it’s not in your inbox, please check your spam folder.
Thanks!
- The topic ‘Serious security defect detected on WordPress.com’ is closed to new replies.