[wp-trac] [WordPress Trac] #44022: Location information of admin users leaked
WordPress Trac
noreply at wordpress.org
Wed May 9 15:08:18 UTC 2018
#44022: Location information of admin users leaked
-------------------------------------+------------------------------
Reporter: alicewondermiscreations | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 4.8
Severity: normal | Resolution:
Keywords: gdpr | Focuses: administration
-------------------------------------+------------------------------
Changes (by iandunn):
* keywords: => gdpr
* type: defect (bug) => enhancement
* focuses: => administration
* component: General => Administration
* version: => 4.8
Comment:
This plugin by @coreymckrill might be what you're looking for:
https://wordpress.org/plugins/community-events-privacy/
Can you explain what you mean by the class "leaking" the location? Do you
mean that it's exposed to unauthorized users, or just that it stores the
location in the database?
If you think there is an actual security vulnerability, then please don't
comment publicly on Trac, since that would expose it to people who want to
maliciously exploit it. Instead, please use our HackerOne program.
https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities
If you just don't like the fact that your approximate location is stored,
though, then it's fine to continue discussing that in public.
`md5()` isn't used for security in this case, it's only used as a way to
hash all of the input factors to create a unique ID.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44022#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list