[wp-trac] [WordPress Trac] #21113: Previous/Next page links maintain all GET variables
WordPress Trac
noreply at wordpress.org
Thu Nov 22 01:51:38 UTC 2012
#21113: Previous/Next page links maintain all GET variables
--------------------------+------------------------------
Reporter: kirrus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.4
Severity: critical | Resolution:
Keywords: |
--------------------------+------------------------------
Changes (by rawalex):
* severity: minor => critical
Comment:
I had a ticket on this closed and marked as duplicate. I don't think of
this as only a defect waiting review, rather it's a critical bug because
it provides a potential vector for an attack. I haven't tested it, but
the potential here is for overflow errors, or using this "unchecked" input
system as a way to use other security issues to hack WordPress.
Quite simply, this is dangerous to leave open, because it has potential to
be used in bad ways when combined with other problems or issues.
Further, as Googlebot is now penalizing duplicate content heavily, this
has become a vector by which malicious people can attack your site. They
create a number of links with garbage query strings, post them on forums
and blog comments around the net, and suddenly Googlebot is spotting all
sorts of duplicate content on your site - and penalizes your entire site
accordingly.
So this goes for me from being just a bug to a major problem that lowers
the value of WP as a CMS under the current circumstances.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21113#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
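
As an added example (not part of the ticket and not WordPress core code): one way a theme or plugin could build previous/next links so that only known GET parameters are carried over, which keeps arbitrary request input out of generated links and collapses garbage-query-string variants onto one URL. The function name, the allow-list and the sample request are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. Builds a next/previous page link
// that carries over only allow-listed GET parameters.

// Hypothetical allow-list: parameters this site's listing pages actually use.
const PAGINATION_ALLOWED_ARGS = ['s', 'cat', 'orderby', 'order'];

/**
 * Return $requestUri rewritten to point at page $page, dropping every query
 * parameter that is not allow-listed or is not a short scalar string.
 */
function build_page_link(string $requestUri, int $page, array $allowed = PAGINATION_ALLOWED_ARGS): string
{
    $parts = parse_url($requestUri);
    if ($parts === false) {
        return '/';                       // unparseable input: fall back to the front page
    }
    $path = $parts['path'] ?? '/';
    parse_str($parts['query'] ?? '', $query);

    $kept = [];
    foreach ($allowed as $name) {
        $value = $query[$name] ?? null;
        // Reject arrays (?s[]=x) and oversized values instead of echoing them back.
        if (is_string($value) && $value !== '' && strlen($value) <= 100) {
            $kept[$name] = $value;
        }
    }
    ksort($kept);                         // stable order: one URL per distinct result set
    if ($page > 1) {
        $kept['paged'] = (string) $page;  // page 1 gets no parameter, so it has a single URL
    }
    $qs = http_build_query($kept, '', '&', PHP_QUERY_RFC3986);
    return $path . ($qs === '' ? '' : '?' . $qs);
}

// Constructed sample request: one legitimate search term plus garbage parameters.
$request = '/blog/?zzz=1&s=security&utm_junk=abc&foo[]=bar&paged=2';

// The returned string is a URL, not HTML: escape it when writing it into markup.
echo htmlspecialchars(build_page_link($request, 3), ENT_QUOTES), "\n";
echo htmlspecialchars(build_page_link($request, 1), ENT_QUOTES), "\n";
```

The same normalized URL is also a natural value for a `rel="canonical"` link, so crawlers that do arrive with extra parameters are pointed back to one address.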