[wp-trac] [WordPress Trac] #44022: Location information of admin users leaked

WordPress Trac noreply at wordpress.org
Wed May 9 15:44:05 UTC 2018

#44022: Location information of admin users leaked
 Reporter:  alicewondermiscreations  |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Administration           |     Version:  4.8
 Severity:  normal                   |  Resolution:
 Keywords:  gdpr                     |     Focuses:  administration

Comment (by alicewondermiscreations):

 If you read the class, it uses `home_url( '/' )` when building the
 $request_args array that is sent to the api server. Why it needs to do
 that is a mystery to me if the API server isn't tracking.

 So it is disclosing both the location of the admin user and the domain of
 the wordpress install to the api server, without the consent of the admin
 logging in.

 I don't believe it is a security issue in the sense that it does not
 expose any methods for compromising the server to anyone, but it is a
 privacy concern.

Ticket URL: <https://core.trac.wordpress.org/ticket/44022#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list