[wp-trac] [WordPress Trac] #53962: The bug allows to see the name(s) of a user(s) who has replied to a comment (not yet authorized).
WordPress Trac
noreply at wordpress.org
Fri Aug 20 03:59:01 UTC 2021
#53962: The bug allows to see the name(s) of a user(s) who has replied to a comment
(not yet authorized).
--------------------------+--------------------------------------
Reporter: fasuto | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 2.7
Severity: normal | Resolution:
Keywords: | Focuses: administration, privacy
--------------------------+--------------------------------------
Comment (by fasuto):
Hello @peterwilsoncc
Hi, thanks for replying. The bug could allow a security breach by listing
the users commenting on the post. I wanted to report it via HackerOne but
couldn't; I hope it can be fixed.
Replying to [comment:1 peterwilsoncc]:
> Hello @fasuto and welcome to trac.
>
> Thank you for your report, I am able to reproduce the bug.
>
> It appears to have been introduced in version 2.7 of WordPress, so I've
> updated the version field of your report to indicate when the bug first
> appeared.
>
> ----
>
> Notes:
>
> `comment_form_title()` passes the value of the `replytocom` querystring
> parameter to `get_comment()`. `comment_form_title()` then uses the parent
> comment author's name in the title without verifying whether or not the
> comment has been approved.
>
> The same is true for `get_comment_id_fields()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53962#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
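The pattern described in the quoted notes, as an added example that is not WordPress core code and not part of the ticket: a reply title built from `?replytocom` that uses the parent comment author's name without checking moderation status, next to a hardened version that only reveals the name of an approved comment on the current post. `get_comment_stub()`, `esc_html_stub()` and the in-memory comment rows are stand-ins constructed here so the script runs without WordPress; the `comment_approved` values mirror the ones WordPress stores ('1' approved, '0' pending, 'spam', 'trash').

```php
<?php
// Added example, not WordPress core code. The comment store and the two
// *_stub() helpers are stand-ins so this runs without a WordPress install.

// Constructed sample comments: one approved and one pending on post 1,
// one approved on post 2.
$comments = [
    10 => ['comment_ID' => 10, 'comment_post_ID' => 1, 'comment_author' => 'Alice', 'comment_approved' => '1'],
    11 => ['comment_ID' => 11, 'comment_post_ID' => 1, 'comment_author' => 'Bob',   'comment_approved' => '0'],
    12 => ['comment_ID' => 12, 'comment_post_ID' => 2, 'comment_author' => 'Carol', 'comment_approved' => '1'],
];

// Stand-in for WordPress's get_comment(): returns the row or null when the
// ID does not exist. Like the real function it does not filter on status.
function get_comment_stub(array $store, int $id): ?array
{
    return $store[$id] ?? null;
}

// Stand-in for esc_html().
function esc_html_stub(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Vulnerable shape (the ticket's description): trusts the replytocom ID and
// uses the parent author's name without checking moderation status or which
// post the comment belongs to. $post_id is accepted but ignored, which is
// exactly the missing check.
function comment_form_title_vulnerable(array $store, array $get, int $post_id): string
{
    $reply_to_id = isset($get['replytocom']) ? (int) $get['replytocom'] : 0;
    if (0 === $reply_to_id) {
        return 'Leave a Reply';
    }
    $parent = get_comment_stub($store, $reply_to_id);
    return sprintf('Leave a Reply to %s', $parent['comment_author'] ?? '');
}

// Hardened shape: only an approved comment attached to the current post can
// be replied to. Any other ID (pending, spam, trashed, another post, or
// non-existent) falls back to the generic title and reveals nothing, so an
// unauthenticated visitor cannot distinguish those cases by walking IDs.
function comment_form_title_hardened(array $store, array $get, int $post_id): string
{
    $reply_to_id = isset($get['replytocom']) ? (int) $get['replytocom'] : 0;
    if ($reply_to_id > 0) {
        $parent = get_comment_stub($store, $reply_to_id);
        if (null !== $parent
            && (int) $parent['comment_post_ID'] === $post_id
            && '1' === (string) $parent['comment_approved']) {
            return sprintf('Leave a Reply to %s', esc_html_stub($parent['comment_author']));
        }
    }
    return 'Leave a Reply';
}

// Demonstration: a visitor on post 1 tries several comment IDs. The
// vulnerable title leaks "Bob" (pending moderation) and "Carol" (a different
// post); the hardened title only ever names "Alice".
foreach ([10, 11, 12, 99] as $id) {
    $get = ['replytocom' => (string) $id];
    printf(
        "replytocom=%-3d vulnerable: %-22s hardened: %s\n",
        $id,
        comment_form_title_vulnerable($comments, $get, 1),
        comment_form_title_hardened($comments, $get, 1)
    );
}
```

The same two conditions (comment belongs to this post, comment is approved) apply to any other place that dereferences `replytocom`, such as the hidden `comment_parent` field the quoted notes mention for `get_comment_id_fields()`: the ID should be validated once, and the unvalidated fallback should behave identically to "no reply target" so that the response does not confirm whether an unapproved comment exists.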