[wp-trac] [WordPress Trac] #44022: Location information of admin users leaked

WordPress Trac noreply at wordpress.org
Wed May 9 15:08:18 UTC 2018


#44022: Location information of admin users leaked
-------------------------------------+------------------------------
 Reporter:  alicewondermiscreations  |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Administration           |     Version:  4.8
 Severity:  normal                   |  Resolution:
 Keywords:  gdpr                     |     Focuses:  administration
-------------------------------------+------------------------------
Changes (by iandunn):

 * keywords:   => gdpr
 * type:  defect (bug) => enhancement
 * focuses:   => administration
 * component:  General => Administration
 * version:   => 4.8


Comment:

 This plugin by @coreymckrill might be what you're looking for:

 https://wordpress.org/plugins/community-events-privacy/

 Can you explain what you mean by the class "leaking" the location? Do you
 mean that it's exposed to unauthorized users, or just that it stores the
 location in the database?

 If you think there is an actual security vulnerability, then please don't
 comment publicly on Trac, since that would expose it to people who want to
 maliciously exploit it. Instead, please use our HackerOne program.

 https://make.wordpress.org/core/handbook/testing/reporting-security-
 vulnerabilities

 If you just don't like the fact that your approximate location is stored,
 though, then it's fine to continue discussing that in public.

 `md5()` isn't used for security in this case, it's only used as a way to
 hash all of the input factors to create a unique ID.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44022#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list