Email Verification Bypass in Wordpress.com | Bug Bounty | hackerone public disclosure

Описание: There is feature in wordpress.com which allow users to invite people. We have to enter email address to invite that particular person but the invite link and invite key is also available to the person who invited. This allow attackers to create the profile without having access to the email address and they can make account on behalf of any people who is not already signed up in wordpress.com.

This bug was reported by me and it got fixed and they gave me bounty of $300

Orignal Report: https://hackerone.com/reports/1040047

Bug Bounty | hackerone | hackerone public disclosure