Fix “From”, “Name”, and “Return-Path” headers for all WP notification emails since this is a long-standing WP security vulnerability.
Read-only archive: Issues · ClassicPress/ClassicPress · GitHub
Author: W.V. Pelyn T. Palarao
Vote count: 5
Status: Completed (1.5.0)
Comments
Fixed by WP in the following changeset: Changeset 48601 – WordPress Trac
viktor
6
There is an issue to fix/backport the changeset that fixes this: https://github.com/ClassicPress/ClassicPress/issues/363
viktor
8
Thank you for backporting it. Status has been updated.
1 Like
Just as a note, there you are replacing classicpress with wordpress:
(Line 1566)
1 Like
Thanks for the catch. New commit made to fix this.
viktor
11
Planned for 1.5.0. Petition will be closed now.
1 Like