[wp-trac] [WordPress Trac] #11134: A trick to post comments without approval by using admin username and email
WordPress Trac
wp-trac at lists.automattic.com
Fri Nov 13 10:36:14 UTC 2009
#11134: A trick to post comments without approval by using admin username and email
--------------------------+-------------------------------------------------
Reporter: shanyar | Owner: Shanyar Kadir
Type: defect (bug) | Status: new
Priority: high | Milestone: Unassigned
Component: Comments | Version: 2.8.5
Severity: major | Keywords: comments with no moderation
--------------------------+-------------------------------------------------
I have a word-press website, and I noticed that if some one posted a
comment with my admin user-name and email, their comment will be approved
without moderation ... it appears as if I have posted the comment ... of
course no body of the posters have tried this, it was found by one of our
admins ... I tried it my self and thought it was a theme bug ... but no
... it wasn't ... if someone finds out my email and uses my user-name he
can post without my permission ... I am sure I am not imagining this ...
and I didn't find a bug like this reported so I believe it is a bug ... if
I have made a mistake please correct me ... I am running a self-hosted
word-press website of wordpress 2.8.5 ...
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11134>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list