[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable:
User can spy out metadata of other users
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 18 17:20:22 GMT 2006
#3142: user_edit.php vulnerable: User can spy out metadata of other users
-------------------------------+--------------------------------------------
Reporter: adapter | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.1
Component: Administration | Version: 2.0.4
Severity: major | Resolution:
Keywords: bug vulnerability |
-------------------------------+--------------------------------------------
Changes (by westi):
* milestone: => 2.1
Comment:
I can't reproduce this.
You can edit/see your own profile this way but otherwise the edit_users
cap check blocks you from editing someone else.
--
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list