• We’ve just had a user report that they clicked a link on our site and were automatically logged in as me, i.e. an administrator.

    At no time have I ever even used this user’s computer, much less logged into WordPress on it – I don’t even know them.

    Yet they have sent me a screen grab of the site with the admin toolbar running across the top, and the ‘Howdy James’ greeting.

    How has this happened and what do we do to address it?

Viewing 1 replies (of 1 total)
  • Moderator James Huff

    (@macmanx)

    Hm, I don’t think that’s directly possible, especially given how many security eyes have gone over WordPress lately.

    Are you using any caching plugins, or is your site behind a caching proxy, like Varnish or Cloudflare?

  • The topic ‘Major security flaw?’ is closed to new replies.