[wp-trac] [WordPress Trac] #60161: Comments on pages where comments are not allowed

WordPress Trac noreply at wordpress.org
Fri Jan 19 03:11:03 UTC 2024


#60161: Comments on pages where comments are not allowed
-------------------------------------------------+-------------------------
 Reporter:  is0ph                                |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  Comments                             |     Version:  6.4.2
 Severity:  normal                               |  Resolution:
 Keywords:  needs-screenshots needs-testing-     |     Focuses:
  info                                           |
-------------------------------------------------+-------------------------

Comment (by acurran):

 I wish to concur with the submitter of this ticket. I too have noticed in
 recent days a number of comments/trackbacks submitted on websites that
 have commenting & trackbacks turned off. I have never noticed an issue
 like this before (I've been managing WordPress websites for over 15
 years). I manage over 50 websites for my clients and in the last week or
 two I have seen some spam comments and trackbacks coming in from various
 websites where commenting was completely disabled. I've seen comments on
 media pages, posts and mostly on home pages. Most are trackbacks but at
 least one was a regular comment. They all are spamming pharmaceuticals and
 the website www.onlypharmacies.com has appeared in a few of them.

 The first case I looked into, I checked and verified that commenting was
 turned off in the settings and also on the individual post that was
 targeted. It seemed strange but I put it down to some weird one-off
 anomaly. But after getting some more on different websites, I really think
 there is something new going on with WordPress. Either someone has
 discovered an existing vulnerability that allows comments and/or trackbacks
 to be submitted when commenting is disabled, or a new vulnerability has
 been recently introduced. I'm leaning towards the former because, just
 checking on one case right now, I see that the site is still on WP version
 6.3.2. (I've documented this example here - https://imgur.com/vzGWTVQ)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/60161#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

