Circumventing New user Approve by resetting password

  • Resolved HS79

    (@hs79)


    6 years, 3 months ago

    I discovered today that a new registrant can bypass approval if they do the following after creating a new account,

    1) User creates new account

    2) User then goes immediately to reset password form and submits a request for a new password

    3) User logs in using password reset options and then has ability bypass admin approval

    This is a serious issue. I experienced it on a WordPress 5.0 install.

  • The topic ‘Circumventing New user Approve by resetting password’ is closed to new replies.