[wp-trac] [WordPress Trac] #13827: Spam Vulnerabilities In wp-signup.php Breaking Plugins

WordPress Trac wp-trac at lists.automattic.com
Sat Jun 26 20:46:52 UTC 2010


#13827: Spam Vulnerabilities In wp-signup.php Breaking Plugins
-------------------------------------------+--------------------------------
 Reporter:  uglyrobot                      |        Owner:  wpmuguru 
     Type:  defect (bug)                   |       Status:  reviewing
 Priority:  normal                         |    Milestone:           
Component:  Multisite                      |      Version:  3.0      
 Severity:  normal                         |   Resolution:           
 Keywords:  needs-patch reporter-feedback  |  
-------------------------------------------+--------------------------------

Comment(by wpmuguru):

 Replying to [comment:7 uglyrobot]:
 >
 > But for any anti-spam plugins there is no way to carry data over between
 forms in a way that can't be manipulated short of starting a php session
 and using that to carry data over.
 >
 It is possible to carry data between the signup forms and ensure that the
 data has not been manipulated. I have an install that has been running an
 anti-spam plugin 3.0 for approximately 5 months and have had 4 successful
 spam signups in that time.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13827#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list