[wp-meta] [Making WordPress.org] #5294: can give review in Products without star rating (0 star)

Making WordPress.org noreply at wordpress.org
Sun Jun 28 18:00:16 UTC 2020


#5294: can give review in Products without star rating (0 star)
--------------------------------+---------------------------------------
 Reporter:  kokonaing           |      Owner:  (none)
     Type:  defect              |     Status:  new
 Priority:  high                |  Milestone:
Component:  WordPress.org Site  |   Keywords:  needs-testing needs-patch
--------------------------------+---------------------------------------
 Steps To Reproduce:

  On the WordPress site https://wordpress.org, there are a lot of themes
  uploaded by each vendor. And there is a rating and review form in each
  theme. In this phase, the attacker can give a review without a star rating
  although WordPress enforces giving at least one star.

      When the review form is submitted with any stars, the attacker will
  intercept the request and can delete the rating parameter
  &rating=5&rating=5.
      After deleting this parameter from the request, the attacker can
  successfully rate the products with 0 stars. 3. All WordPress sites should
  be worked.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/5294>
Making WordPress.org <https://meta.trac.wordpress.org/>
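
A server-side check for the condition reported above, as an added example that is not part of the original ticket and is not WordPress.org code: it reads the rating from the raw form body so that a missing or repeated `rating` parameter is rejected instead of being stored as 0 stars. The function name, the 1 to 5 range and the sample bodies are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: return the star rating (1-5) from a raw
 * application/x-www-form-urlencoded body, or throw if it is not
 * present exactly once with a valid value.
 */
function extract_rating(string $rawBody, string $field = 'rating'): int
{
    // Parse by hand: $_POST / parse_str() keep only the last value of a
    // repeated key, which would hide "&rating=5&rating=5" style input.
    $values = [];
    foreach (explode('&', $rawBody) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        if (urldecode($parts[0]) === $field) {
            $values[] = urldecode($parts[1] ?? '');
        }
    }

    // Parameter stripped from the request: the case in the ticket.
    if (count($values) === 0) {
        throw new InvalidArgumentException('rating is required');
    }
    // Repeated parameter: ambiguous, so refuse rather than pick one.
    if (count($values) > 1) {
        throw new InvalidArgumentException('rating supplied more than once');
    }
    // Exactly one digit in the assumed 1-5 range; rejects "", "0", "6", "5.0".
    if (preg_match('/\A[1-5]\z/', $values[0]) !== 1) {
        throw new InvalidArgumentException('rating must be an integer from 1 to 5');
    }
    return (int) $values[0];
}

// Constructed sample request bodies (not captured traffic).
$samples = ['title=ok&rating=4', 'title=ok', 'rating=5&rating=5', 'rating=0', 'rating='];
foreach ($samples as $body) {
    try {
        printf("%-20s => accepted, %d stars\n", $body, extract_rating($body));
    } catch (InvalidArgumentException $e) {
        printf("%-20s => rejected: %s\n", $body, $e->getMessage());
    }
}
```

The review should be saved only after this check passes; the star widget in the browser is a convenience and cannot enforce the minimum on its own.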