[wp-trac] [WordPress Trac] #53962: The bug allows to see the name(s) of a user(s) who has replied to a comment (not yet authorized).
WordPress Trac
noreply at wordpress.org
Fri Aug 20 02:56:01 UTC 2021
#53962: The bug allows to see the name(s) of a user(s) who has replied to a comment
(not yet authorized).
-------------------------------------+-----------------------------
Reporter: fasuto | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.8
Severity: normal | Keywords:
Focuses: administration, privacy |
-------------------------------------+-----------------------------
1.- Have a fresh installation of WordPress in its latest version, which
comes with a default entry.
2.- Go to the entry and make a comment
3.- The bug, in the navigation bar the following url is placed:
http://bug.test/2021/08/19/hola-mundo/?replytocom=2#respond obtaining the
response with the username
4.- The comment has not been approved and you can display the user who
made it, you can use a script that starts at one and is incremental and
you can get the list of users who have made a response to the entry and
have not been approved.
Tests performed:
1. Tested on a WordPress site with Cloudflare protection.
2. Tests have been performed on WordPress with SSL certificates.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53962>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list