[wp-trac] [WordPress Trac] #53962: The bug allows to see the name(s) of a user(s) who has replied to a comment (not yet authorized).

WordPress Trac noreply at wordpress.org
Fri Aug 20 02:56:01 UTC 2021


#53962: The bug allows to see the name(s) of a user(s) who has replied to a comment
(not yet authorized).
-------------------------------------+-----------------------------
 Reporter:  fasuto                   |      Owner:  (none)
     Type:  defect (bug)             |     Status:  new
 Priority:  normal                   |  Milestone:  Awaiting Review
Component:  General                  |    Version:  5.8
 Severity:  normal                   |   Keywords:
  Focuses:  administration, privacy  |
-------------------------------------+-----------------------------
 1.- Have a fresh installation of WordPress in its latest version, which
 comes with a default entry.

 2.- Go to the entry and make a comment

 3.- The bug: the following URL is placed in the navigation bar:
 http://bug.test/2021/08/19/hola-mundo/?replytocom=2#respond, obtaining the
 response with the username.

 4.- The comment has not been approved and you can display the user who
 made it. You can use a script that starts at one and is incremental, and
 you can get the list of users who have made a response to the entry and
 have not been approved.

 Tests performed:

     1. Tested on a WordPress site with Cloudflare protection.
     2. Tests have been performed on WordPress with SSL certificates.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53962>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
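
A detection-side example for the incremental requests described in step 4, added here and not part of the ticket or of WordPress: it reads web-server access logs and flags clients that walk `replytocom` IDs in sequence. The log lines, client addresses, function names and the `min_run` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (combined log format); only the post path comes from the ticket.
# The "#respond" fragment never reaches the server, so it is absent from logs.
_LINE = '{ip} - - [20/Aug/2021:02:10:{s:02d} +0000] "GET /2021/08/19/hola-mundo/?replytocom={cid} HTTP/1.1" 200 5120 "-" "-"'
SAMPLE_LOG = "\n".join(
    [_LINE.format(ip="203.0.113.7", s=i, cid=i) for i in range(1, 8)]
    + [_LINE.format(ip="198.51.100.20", s=30, cid=2),
       _LINE.format(ip="198.51.100.20", s=45, cid=9)]
)

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')

def replytocom_ids_by_client(log_text):
    """Map client address -> set of numeric replytocom IDs it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        for value in parse_qs(urlsplit(target).query).get("replytocom", []):
            if value.isdecimal():
                seen[client].add(int(value))
    return seen

def longest_consecutive_run(ids):
    """Length of the longest run n, n+1, n+2, ... within a set of IDs."""
    best = 0
    for n in ids:
        if n - 1 not in ids:  # n is the start of a run
            length = 1
            while n + length in ids:
                length += 1
            best = max(best, length)
    return best

def flag_enumeration(log_text, min_run=5):
    """Return {client: run_length} for clients stepping through comment IDs."""
    flagged = {}
    for client, ids in replytocom_ids_by_client(log_text).items():
        run = longest_consecutive_run(ids)
        if run >= min_run:  # assumed threshold; tune to the site's normal traffic
            flagged[client] = run
    return flagged
```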

