[wp-trac] Re: [WordPress Trac] #2543: anyone can post comments
masquerading as registered user
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 8 08:41:12 GMT 2006
#2543: anyone can post comments masquerading as registered user
----------------------+-----------------------------------------------------
Id: 2543 | Status: new
Component: General | Modified: Wed Mar 8 08:41:12 2006
Severity: critical | Milestone:
Priority: highest | Version: 2.0.1
Owner: ramnram1 | Reporter: ramnram1
----------------------+-----------------------------------------------------
Changes (by ramnram1):
* priority: normal => highest
* severity: minor => critical
* keywords: => Security
* owner: anonymous => ramnram1
Comment:
Such type of posts never go for moderization. Which means WordPress
accepts the comment from a ananymous user as a comment from registered
user. Which is a vulnarerability. And its a serious security issue. A
simple check could have avoded this.
--
Ticket URL: <http://trac.wordpress.org/ticket/2543>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list