[wp-meta] [Making WordPress.org] #3253: Sensitive Post type data Can be Exported via WXR

Making WordPress.org noreply at wordpress.org
Tue Nov 7 18:34:40 UTC 2017


#3253: Sensitive Post type data Can be Exported via WXR
-------------------------------------+-----------------
 Reporter:  TJNowell                 |      Owner:
     Type:  defect                   |     Status:  new
 Priority:  normal                   |  Milestone:
Component:  WordCamp Site & Plugins  |   Keywords:
-------------------------------------+-----------------
 At the moment the WP exporter lists all post types as options for export,
 including reimbursements and payments.

 This means any WXR export of a WCamp site will contain personal
 information, complicating any efforts to work in a local meta environment,
 and enabling compromised accounts easy access to banking information and
 addresses.

 I would suggest that these 2 post types be filtered out from any export
 and removed as options programmatically.

 Similarly, the following post types are exportable, and may contain
 personally identifiable information:

  - emails
  - sponsor invoices
  - order
  - feedback
  - attendees

 While this information is currently limited to Organisers and super
 admins, a rogue account could compromise this information easily in bulk
 via the exporter.

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3253>
Making WordPress.org <https://meta.trac.wordpress.org/>
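One way to implement the filtering the ticket suggests, as an added example that is not part of the original ticket or of the WordCamp.org code base. It relies on WordPress core's `can_export` post type argument and the `register_post_type_args` filter; the post type slugs and `example_` function names are placeholders, because the ticket names the types only descriptively.

```php
<?php
/**
 * Added example, not WordCamp.org code.
 * Placeholder slugs: replace with the real post type names.
 */
const EXAMPLE_NON_EXPORTABLE_TYPES = array(
	'example_reimbursement', // placeholder slug
	'example_payment',       // placeholder slug
);

/**
 * Force can_export to false when a sensitive post type is registered.
 *
 * The Tools > Export screen lists only custom post types whose
 * can_export flag is true, and an "All content" export queries the same
 * flag, so one change removes the option and keeps the data out of the file.
 *
 * This must be hooked before the post types are registered, for example
 * from an mu-plugin, because the filter runs inside register_post_type().
 */
function example_block_sensitive_export( $args, $post_type ) {
	if ( in_array( $post_type, EXAMPLE_NON_EXPORTABLE_TYPES, true ) ) {
		$args['can_export'] = false;
	}
	return $args;
}
add_filter( 'register_post_type_args', 'example_block_sensitive_export', 10, 2 );

/**
 * Verification helper: return the custom post types the exporter would
 * still offer, using the same query arguments as the export screen.
 * None of the slugs in EXAMPLE_NON_EXPORTABLE_TYPES should appear here.
 */
function example_exportable_custom_types() {
	return get_post_types(
		array(
			'_builtin'   => false,
			'can_export' => true,
		),
		'names'
	);
}
```

Running `example_exportable_custom_types()` after `init` also gives a quick inventory of the other post types the ticket lists as still exportable.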