[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable: User can spy out metadata of other users

WordPress Trac wp-trac at lists.automattic.com
Sun Sep 24 08:42:34 GMT 2006


#3142: user_edit.php vulnerable: User can spy out metadata of other users
----------------------------+-----------------------------------------------
 Reporter:  adapter         |        Owner:  anonymous 
     Type:  defect          |       Status:  closed    
 Priority:  high            |    Milestone:  2.1       
Component:  Administration  |      Version:  2.0.4     
 Severity:  major           |   Resolution:  worksforme
 Keywords:                  |  
----------------------------+-----------------------------------------------
Comment (by adapter):

 That's strange.

 Yesterday I downloaded the current release WP 2.0.4 and installed it here:
 [http://test.poplog.de]. There you can register, log in and call
 [http://test.poplog.de/wp-admin/user-edit.php?user_id=1]. You will see
 admin's data.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list