[wp-meta] [Making WordPress.org] #5294: can give review in Products without star rating (0 star)
Making WordPress.org
noreply at wordpress.org
Sun Jun 28 18:00:16 UTC 2020
#5294: can give review in Products without star rating (0 star)
--------------------------------+---------------------------------------
Reporter: kokonaing | Owner: (none)
Type: defect | Status: new
Priority: high | Milestone:
Component: WordPress.org Site | Keywords: needs-testing needs-patch
--------------------------------+---------------------------------------
Steps To Reproduce:
In WordPress site https://wordpress.org, there are a lot themes uploaded
by each vendor. And there is a rating and review form in each theme. In
this phrase, the attacker can give review without stars rating although
WordPress enforces to give at least one star.
When the reviewed form is submitted with any stars, the attacker will
intercept the request and can delete rating parameter &rating=5&rating=5.
After deleting this parameter from request and the attacker can
successful rate the products with 0 star. 3.All wordpress site should be
worked.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5294>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list