[wp-trac] [WordPress Trac] #50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
WordPress Trac
noreply at wordpress.org
Tue Apr 28 14:15:25 UTC 2020
#50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
-----------------------------+------------------------------
Reporter: marciancarutasu | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version:
Severity: major | Resolution: worksforme
Keywords: close | Focuses: privacy
-----------------------------+------------------------------
Changes (by marciancarutasu):
* keywords: => close
Comment:
A 10 year old can add a text input on a blog saying that
"marciancarutasu at gmail.com" commented on my blog.Wohoo.
And indeed you could add a text with my email on your site and say "hi I
am you".
In essence it wouldnt take more than 1 minute to look for the IP and see
that I have never added that comment there.
But if I willingly submit a comment on the WWW using a form and my email
address. (http responses, geolocation. etc.) it can be proven that indeed
I have commented on your site then you absolutely do not have the power to
change my words/opinion WITHOUT my consent. That's called I believe
Defamation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50023#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list