[wp-trac] [WordPress Trac] #44022: Location information of admin users leaked

WordPress Trac noreply at wordpress.org
Wed May 9 15:44:05 UTC 2018


#44022: Location information of admin users leaked
-------------------------------------+------------------------------
 Reporter:  alicewondermiscreations  |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Administration           |     Version:  4.8
 Severity:  normal                   |  Resolution:
 Keywords:  gdpr                     |     Focuses:  administration
-------------------------------------+------------------------------

Comment (by alicewondermiscreations):

 If you read the class, it uses `home_url( '/' )` when building the
 `$request_args` array that is sent to the API server. Why it needs to do
 that is a mystery to me if the API server isn't tracking.

 So it is disclosing both the location of the admin user and the domain of
 the WordPress install to the API server, without the consent of the admin
 logging in.

 I don't believe it is a security issue in the sense that it does not
 expose any methods for compromising the server to anyone, but it is a
 privacy concern.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44022#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

