[wp-trac] [WordPress Trac] #50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
WordPress Trac
noreply at wordpress.org
Tue Apr 28 13:23:17 UTC 2020
#50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
-----------------------------+-----------------------------
Reporter: marciancarutasu | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 5.4
Severity: major | Keywords:
Focuses: privacy |
-----------------------------+-----------------------------
using blankslate theme over wp 5.4.
on post comments section, I have uploaded a new comment for testing
purposes, without being logged into admin panel from an external gmail
account.
in the admin panel,comments section, logged in as admin, I get the power
to edit users comment and post on his behalf.
notice: website does not have users functionality, wp-admin I only have
one user called admin.
edit a comment on users behalf??
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50023>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list