[wp-trac] [WordPress Trac] #55923: Search by month can be changed to search invalid month
WordPress Trac
noreply at wordpress.org
Sun Jun 5 07:37:07 UTC 2022
#55923: Search by month can be changed to search invalid month
---------------------------+-----------------------------
Reporter: floridsleeves | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
---------------------------+-----------------------------
In admin 'Posts' page, the search date can be selected by drop down menu:
[[Image(https://ibb.co/6RmFLVg)]]
However, client-side attackers can bypass items in drop down menu by
intercepting the 'm' field in request, which will return data from other
months that are not included in the drop down menu.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55923>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list