[buddypress-trac] [BuddyPress Trac] #9296: Username exposed in members url
buddypress-trac
noreply at wordpress.org
Sat Jul 12 21:36:11 UTC 2025
#9296: Username exposed in members url
-------------------------+--------------------------------
 Reporter:  aboutm2      |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  high         |   Milestone:  Awaiting Review
Component:  Core         |     Version:  14.3.2
 Severity:  major        |    Keywords:  has-privacy-review
-------------------------+--------------------------------
Profile URL structure is typically /members/[username]/, where [username]
is the user's username.
Username is sensitive information and exposing it is a security risk.
Could the profile URL structure be reconsidered?
For example, use [user_id] as a long, randomly generated, non-sequential
string (a UUID or GUID, e.g., a1b2c3d4-e5f6-7890-1234-567890abcdef).
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/9296>
BuddyPress Trac <http://buddypress.org/>