[wp-trac] [WordPress Trac] #50497: can give review in Products without star rating (0 star)
WordPress Trac
noreply at wordpress.org
Sun Jun 28 16:01:14 UTC 2020
#50497: can give review in Products without star rating (0 star)
-------------------------------+-------------------------------------
Reporter: kokonaing            | Owner: (none)
Type: defect (bug)             | Status: new
Priority: normal               | Milestone: Awaiting Review
Component: Posts, Post Types   | Version:
Severity: major                | Keywords: needs-testing has-patch
Focuses:                       |
-------------------------------+-------------------------------------
Steps To Reproduce:
In the WordPress site https://wordpress.org, there are a lot of themes uploaded
by each vendor. And there is a rating and review form in each theme. In
this phrase, the attacker can give a review without a star rating although
WordPress enforces giving at least one star.
When the review form is submitted with any stars, the attacker will
intercept the request and can delete the rating parameter &rating=5&rating=5.
After deleting this parameter from the request, the attacker can
successfully rate the products with 0 stars. 3. All WordPress sites should be
worked.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50497>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
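
The server-side check whose absence the report above describes, as an added example that is not part of the ticket and is not WordPress or wordpress.org code. The function name `example_validate_star_rating`, the form field name `rating` and the 1 to 5 range are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not WordPress or wordpress.org code.
// Assumes the form field is named "rating" and valid ratings are 1 to 5.

function example_validate_star_rating(array $form): int
{
    // Field absent: the case from the ticket, where the parameter was
    // removed from the request after the browser-side form allowed it.
    if (!array_key_exists('rating', $form)) {
        throw new InvalidArgumentException('rating is required');
    }

    $raw = $form['rating'];

    // PHP turns rating[]=5 into an array; accept a single string only.
    if (!is_string($raw)) {
        throw new InvalidArgumentException('rating must be a single value');
    }

    // Integer in range; '', '0', '6' and 'abc' all fail here.
    $rating = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 5],
    ]);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer from 1 to 5');
    }

    return $rating;
}

// Constructed sample submissions, shaped like $_POST.
$samples = [
    'valid'             => ['content' => 'Nice theme', 'rating' => '5'],
    'parameter removed' => ['content' => 'Nice theme'],
    'empty value'       => ['content' => 'Nice theme', 'rating' => ''],
    'zero'              => ['content' => 'Nice theme', 'rating' => '0'],
    'array value'       => ['content' => 'Nice theme', 'rating' => ['5']],
    'out of range'      => ['content' => 'Nice theme', 'rating' => '6'],
];

foreach ($samples as $label => $form) {
    try {
        printf("%-18s accepted, rating=%d\n", $label, example_validate_star_rating($form));
    } catch (InvalidArgumentException $e) {
        printf("%-18s rejected: %s\n", $label, $e->getMessage());
    }
}
```

Only the first sample is accepted; the review should be stored only after this check passes on the server, regardless of what the form enforced in the browser.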