[wp-trac] [WordPress Trac] #63085: "Login details" spam sent by from the account registration page
WordPress Trac
noreply at wordpress.org
Thu Apr 16 15:20:41 UTC 2026
#63085: "Login details" spam sent by from the account registration page
-------------------------------------------------+-------------------------
Reporter: cweiske | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests has-test- | Focuses:
info |
-------------------------------------------------+-------------------------
Comment (by SergeyBiryukov):
Hi there, thanks for the ticket!
Replying to [comment:12 minimoo]:
> I'm just imagining that someone may have made their username www.yyyy
.com-admin or similar in the past, which then would no longer be valid
after the wordpress update?
Indeed, we should be careful here, as both `www.` and spaces have been
historically allowed in usernames.
Related: #59084
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63085#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list