[wp-trac] [WordPress Trac] #58679: meta key field in usermeta table should NOT use accent insensitive collations
WordPress Trac
noreply at wordpress.org
Fri Jun 30 09:09:55 UTC 2023
#58679: meta key field in usermeta table should NOT use accent insensitive collations
--------------------------+-----------------------------
Reporter: madhazelnut | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
Looking at the latest string of vulnerability issues that came up related
to the [Ultimate Member plugin](https://wordpress.org/plugins/ultimate-member/),
I discovered that the usermeta table has an accent-insensitive collation for
the `meta_key` field. This results in queries for `wp_cãpăbilitiës` returning
the actual `wp_capabilities` row! See the `update_metadata()` function in
wp-includes/meta.php.

Imagine the attack surface this brings. In fact, don't imagine, just look
at the recent attacks in the wild.

Fix: use accent insensitive collations (or even ASCII BINARY)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58679>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list
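The collation behaviour the ticket describes, reproduced in a stand-alone MySQL 8.0 script. This is an added example, not code from the ticket or from WordPress core: the `demo_usermeta` table and its single row are constructed here to mimic the `meta_key` column of `wp_usermeta`, first under an accent-insensitive collation (`utf8mb4_0900_ai_ci`; the `utf8mb4_unicode_520_ci` collation WordPress commonly uses is also accent-insensitive) and then under a binary one, which is the direction of the fix the ticket argues for (a collation that does not fold accents).

```sql
-- Added example (not from the ticket or WordPress core): MySQL 8.0.
-- demo_usermeta is a constructed stand-in for wp_usermeta.
SET NAMES utf8mb4;

DROP TABLE IF EXISTS demo_usermeta;
CREATE TABLE demo_usermeta (
  umeta_id   BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  user_id    BIGINT UNSIGNED NOT NULL,
  -- Accent- and case-insensitive collation, as the ticket reports.
  meta_key   VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci,
  meta_value LONGTEXT,
  KEY meta_key (meta_key(191))
);

-- Constructed sample row: the capabilities entry WordPress reads for role checks.
INSERT INTO demo_usermeta (user_id, meta_key, meta_value)
VALUES (1, 'wp_capabilities', 'a:1:{s:10:"subscriber";b:1;}');

-- 1. Under the accent-insensitive column collation, an accented key is
--    compared on base-letter weights only, so it matches the real row.
--    A blocklist that compares user-supplied keys this way is bypassed.
SELECT umeta_id, meta_key
  FROM demo_usermeta
 WHERE user_id = 1 AND meta_key = 'wp_cãpăbilitiës';

-- 2. Query-level mitigation: force a binary comparison for this lookup only.
--    The accented key no longer matches; the column collation is unchanged.
SELECT umeta_id, meta_key
  FROM demo_usermeta
 WHERE user_id = 1 AND meta_key = 'wp_cãpăbilitiës' COLLATE utf8mb4_bin;

-- 3. The same two comparisons side by side on literals, independent of the
--    table, to show that only the collation decides whether the keys are equal.
SELECT 'wp_capabilities' = 'wp_cãpăbilitiës' COLLATE utf8mb4_0900_ai_ci AS ai_ci_equal,
       'wp_capabilities' = 'wp_cãpăbilitiës' COLLATE utf8mb4_bin        AS bin_equal;

-- 4. Column-level fix in the direction the ticket asks for: a collation that
--    does not fold accents (binary here), enforced for every query that does
--    not override it. The query from step 1 then returns no row.
ALTER TABLE demo_usermeta
  MODIFY meta_key VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;

SELECT umeta_id, meta_key
  FROM demo_usermeta
 WHERE user_id = 1 AND meta_key = 'wp_cãpăbilitiës';
```

Step 2 is the check a plugin can apply in its own queries without waiting for a schema change; step 4 is the schema change itself. Note that a binary collation also makes `meta_key` comparisons case-sensitive, so any code relying on `WP_Capabilities` matching `wp_capabilities` would change behaviour, which is the caveat to test before altering a live table.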