[wp-trac] [WordPress Trac] #13827: Spam Vulnerabilities In wp-signup.php Breaking Plugins
WordPress Trac
wp-trac at lists.automattic.com
Sat Jun 26 20:46:52 UTC 2010
#13827: Spam Vulnerabilities In wp-signup.php Breaking Plugins
-------------------------------------------+--------------------------------
Reporter: uglyrobot | Owner: wpmuguru
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone:
Component: Multisite | Version: 3.0
Severity: normal | Resolution:
Keywords: needs-patch reporter-feedback |
-------------------------------------------+--------------------------------
Comment(by wpmuguru):
Replying to [comment:7 uglyrobot]:
>
> But for any anti-spam plugins there is no way to carry data over between
forms in a way that can't be manipulated short of starting a php session
and using that to carry data over.
>
It is possible to carry data between the signup forms and ensure that the
data has not been manipulated. I have an install that has been running an
anti-spam plugin 3.0 for approximately 5 months and have had 4 successful
spam signups in that time.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13827#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list