[wp-trac] [WordPress Trac] #59795: Private Information Exposure via redirect_guess_404_permalink()

WordPress Trac noreply at wordpress.org
Mon Apr 8 07:42:08 UTC 2024


#59795: Private Information Exposure via redirect_guess_404_permalink()
--------------------------------------+----------------------------
 Reporter:  FrancescoCarlucci         |       Owner:  peterwilsoncc
     Type:  defect (bug)              |      Status:  closed
 Priority:  normal                    |   Milestone:  6.5
Component:  Canonical                 |     Version:
 Severity:  minor                     |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests  |     Focuses:  privacy
--------------------------------------+----------------------------

Comment (by juliemoynat):

 Hi,

 I'm sorry in advance because I'm not sure that's the right way to ask this
 question…

 Why hasn't this ticket been patched for all major WordPress versions?

 To this day, this problem is referenced as a security vulnerability (as
 you can see here:
 https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-plugin-6-4-3-sensitive-information-exposure-via-redirect-guess-404-permalink-vulnerability?_a_id=431)
 and therefore generates alerts (as with Solid Security, for example) until
 websites are in version 6.5.

 I thought WordPress didn't require major updates to get security patches,
 so I'm surprised.

 Thanks

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/59795#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

