(self promotion not intended, highlighting other issues in WordPress) Check out WPScan for other such issues with WordPress that have existed for a long time but never patched. WordPress are aware of these issues but for whatever reason decided not to patch them.
http://wpscan.org/ On Thu, Jul 4, 2013 at 11:56 AM, Sven Kieske <[email protected]> wrote: > Hi, > > the mentioned User account Enumeration Weakness > stated in Advisory https://secunia.com/advisories/23621/ > still exists in the actual version 3.5.2 . > > The corresponding trac entry for wordpress is closed as > "wontfix": > https://core.trac.wordpress.org/ticket/1129 > > Why? > > Maybe, because the trac bug mentions just version 1.5 as affected? > > I can easily reproduce this in version 3.5.2 . > > Please fix this, this bug is 8 years old! > > Kind Regards > > Sven Kieske > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
