Support » Plugin: WP Approve User » Security vulnerability allowing anyone to register

  • Resolved Jen

    (@jen-norell)


    Hello,

    When selecting “anyone can register” in settings, it allows people that we don’t want to register on the site. For example we had this setting set for a subscriber and they were able to bypass the other registration form by going to http://www.oursite/wp-login.php?action=register. This is a security vulnerability as it allows the user to then reset their password and login to the site under a subscriber without being approved.

    Thanks

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.