[wp-trac] [WordPress Trac] #62905: Prevent registration bypass when user registration is disabled
WordPress Trac
noreply at wordpress.org
Wed Feb 5 11:22:00 UTC 2025
#62905: Prevent registration bypass when user registration is disabled
------------------------------------+------------------------------
Reporter: jonathancaron02 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch close | Focuses:
------------------------------------+------------------------------
Changes (by swissspidy):
* keywords: has-patch => has-patch close
Comment:
Hi there and welcome to WordPress Trac!
Since you've started your message with "I discovered a potential
vulnerability", think twice about sharing such things publicly. Imagine
the damage you could cause with that!
Next time, please learn more about
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ reporting potential security vulnerabilities]
**responsibly and privately**.
With that said, I cannot confirm your report. There is already a redirect
in place if registration is disabled:
https://github.com/WordPress/wordpress-develop/blob/7d10dd7b0fde2a782395887c2d66439481440f9b/src/wp-login.php#L1102-L1118
You might be using a plugin or theme that alters the standard flow on the
login page that causes this behavior. In that case you should report it to
that plugin or theme — again, responsibly and privately.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62905#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform