[wp-meta] [Making WordPress.org] #3253: Sensitive Post type data Can be Exported via WXR

Making WordPress.org noreply at wordpress.org
Tue Nov 7 18:34:40 UTC 2017

#3253: Sensitive Post type data Can be Exported via WXR
 Reporter:  TJNowell                 |      Owner:
     Type:  defect                   |     Status:  new
 Priority:  normal                   |  Milestone:
Component:  WordCamp Site & Plugins  |   Keywords:
 At the moment the WP exporter lists all post types as options for export,
 including reimbursements and payments.

 This means any WXR export of a WCamp site will contain personal
 information, complicating any efforts to work in a local meta environment,
 and enabling compromised accounts easy access to banking information and

 I would suggest that these 2 post types be filtered out from any export
 and removed as options programmatically.

 Similarly, the following post types are exportable, and may contain
 personally identifiable information:

  - emails
  - sponsor invoices
  - order
  - feedback
  - attendees

 While this information is currently limited to Organisers and super
 admins, a rogue account could compromise this information easily in bulk
 via the exporter

Ticket URL: <https://meta.trac.wordpress.org/ticket/3253>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list