[wp-trac] [WordPress Trac] #50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3

WordPress Trac noreply at wordpress.org
Tue Apr 28 13:23:17 UTC 2020


#50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
-----------------------------+-----------------------------
 Reporter:  marciancarutasu  |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Comments         |    Version:  5.4
 Severity:  major            |   Keywords:
  Focuses:  privacy          |
-----------------------------+-----------------------------
 Using blankslate theme over WP 5.4.
 On the post comments section, I have uploaded a new comment for testing
 purposes, without being logged into the admin panel, from an external Gmail
 account.

 In the admin panel, comments section, logged in as admin, I get the power
 to edit the user's comment and post on his behalf.

 Notice: the website does not have users functionality; in wp-admin I only
 have one user called admin.

 Edit a comment on the user's behalf??

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/50023>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

