Fix “From”, “Name”, and “Return-Path” headers for all WP notification emails since this is a long-standing WP security vulnerability.
Read-only archive: GitHub · Where software is built
Author: W.V. Pelyn T. Palarao
Vote count: 5
Status: Completed (1.5.0)
Comments
Fixed by WP in the following changeset: Changeset 48601 – WordPress Trac
There is an issue to fix/backport the changeset that fixes this: ClassicPress emails not coming from admin email · Issue #151 · ClassicPress/ClassicPress-v1 · GitHub
Backport done for this issue. WP-r48601: Ensure that a server hostname can be set by using network_home_url() by bahiirwa · Pull Request #1021 · ClassicPress/ClassicPress · GitHub
Thank you for backporting it. Status has been updated.
Thanks for the catch. New commit made to fix this.
Planned for 1.5.0. Petition will be closed now.
