## page was copied from DnsTemplate ##master-page:HelpTemplate <> <> == whois == {{{ 5.3.4 Wordpress.com We found that Wordpress.com was vulnerable to the Unex- pired Session and Unexpired Email Change Attacks. Unexpired Session Attack. In the Victim action phase, when the victim tried to create an account with their email address, Wordpress.com notified the victim that an account already exists and provided the option to sign in to the account via a one-time link sent to the victim’s email address. As long as the victim makes use of this option (i.e., does not reset their password), the attacker can maintain their access to the account. However, even once the victim sets a new password, the attacker’s earlier session will not be invalidated, allowing the attacker to retain access potentially indefinitely if the session is kept active. Unexpired Email Change Attack. Similarly to the first case study, in order to successfully execute this attack, the attacker would need to perform a CSRF-like attack in the Attack phase. A successful attack on Wordpress.com would allow the attacker to maliciously modify the websites managed by the victim and sign in to other services where the victim uses Wordpress.com as an IdP. When we reported our findings to Wordpress.com via HackerOne in June 2021, the reports were marked as “Not Applicable”. These vulnerabilities were not present in the self-hosted version of the Wordpress software because it required all self-registered users to verify their email addresses before allowing them to perform any actions. }}} == history == {{{ }}} ---- CategoryDns CategoryWatch CategoryTemplate