[wp-trac] [WordPress Trac] #41808: Attacks against wp.getUsersBlogs with no user name but with a password

WordPress Trac noreply at wordpress.org
Wed Sep 6 16:55:38 UTC 2017


#41808: Attacks against wp.getUsersBlogs with no user name but with a password
--------------------------+-----------------------
 Reporter:  krader        |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  4.8
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:  rest-api
--------------------------+-----------------------
Changes (by joemcgill):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Comment:

 @krader The 200 response contains the results of the `WP_Error` you would
 expect.

 While this doesn't seem to be an actual security issue, if you think
 something *is* security-related it should be
 [https://hackerone.com/wordpress/ reported responsibly via HackerOne].
 Disclosing any security issue publicly is dangerous for all WordPress
 users.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/41808#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform