[wp-trac] [WordPress Trac] #50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
WordPress Trac
noreply at wordpress.org
Tue Apr 28 14:20:46 UTC 2020
#50023: major core flaw in comments system found today 28 April 2020 16:00 GMT +3
-----------------------------+------------------------------
Reporter: marciancarutasu | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version:
Severity: major | Resolution: worksforme
Keywords: close | Focuses: privacy
-----------------------------+------------------------------
Comment (by marciancarutasu):
Totally interpretable, but think of it again. If you are the owner of a
website you can do a million illegal things and you take the 'credit' for
it.
But what WordPress is doing here is completely wrong, on many levels.
They leave a huge door open there for a lot of illegal stuff.
Let's say I am a hacker and I have found this flaw in the comments section.
YOU SCRAPE THE WEB FOR THAT LOOPHOLE, FIND 10 MILLION USERS THAT LEFT A
COMMENT ON A WORDPRESS SITE AND YOU GET THE POWER TO POST ON THEIR BEHALF,
or a simple edit of comments or I dunno.
Maybe a security flaw there.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50023#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform