Host Header Notification Email

discobot · December 30, 2020, 8:09pm

Fix “From”, “Name”, and “Return-Path” headers for all WP notification emails since this is a long-standing WP security vulnerability.

Read-only archive: Issues · ClassicPress/ClassicPress · GitHub

Author: W.V. Pelyn T. Palarao

Vote count: 5

Status: Completed (1.5.0)

Comments

system · February 4, 2021, 7:24pm

system · March 20, 2021, 12:52am

system · January 29, 2022, 10:26am

timkaye · January 30, 2022, 1:14am

Fixed by WP in the following changeset: Changeset 48601 – WordPress Trac

viktor · June 24, 2022, 1:43am

There is an issue to fix/backport the changeset that fixes this: https://github.com/ClassicPress/ClassicPress/issues/363

omukiguy · June 25, 2022, 4:45pm

viktor · June 26, 2022, 4:07am

Thank you for backporting it. Status has been updated.

alvarofranz · June 26, 2022, 7:31pm

Just as a note, there you are replacing classicpress with wordpress:

(Line 1566)

omukiguy · June 27, 2022, 5:06am

Thanks for the catch. New commit made to fix this.

viktor · November 5, 2022, 3:01am

Planned for 1.5.0. Petition will be closed now.

viktor · November 5, 2022, 3:02am