[wp-trac] [WordPress Trac] #55924: Search by category can be changed to search invalid month
WordPress Trac
noreply at wordpress.org
Sun Jun 5 07:45:04 UTC 2022
#55924: Search by category can be changed to search invalid month
---------------------------+-----------------------------
Reporter: floridsleeves | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.0
Severity: normal | Keywords:
Focuses: |
---------------------------+-----------------------------
In the admin 'Posts' page, the search category can be selected from a
drop-down menu:
[[Image(https://ibb.co/mHH5nxG)]]
However, client-side attackers can bypass the items in the drop-down menu
by intercepting the 'cat' field in the request, which will return data
from other, non-existing categories.
A possible fix is to add server-side checks to this field to validate
whether the category is valid.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55924>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
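As an added illustration of the server-side check the report proposes (this is not code from the ticket or from WordPress core; the plugin, function and message text are hypothetical, while the hooks and API functions are WordPress's real ones), a must-use plugin that rejects a 'cat' value on the Posts screen that does not name an existing category:

```php
<?php
/**
 * Plugin Name: Validate category filter on the Posts screen (constructed example)
 *
 * Hypothetical mu-plugin written for ticket #55924. It runs on the
 * 'request' filter, which WP::parse_request() applies before the
 * Posts list query is built, and refuses a 'cat' argument that the
 * dropdown could never have produced or that names no existing term.
 */

add_filter( 'request', 'example_validate_cat_filter' );

function example_validate_cat_filter( array $query_vars ) {
    global $pagenow;

    // Only the admin "Posts" list screen is in scope, and only when a
    // category filter was actually submitted with the request.
    if ( ! is_admin() || 'edit.php' !== $pagenow || ! isset( $_GET['cat'] ) ) {
        return $query_vars;
    }

    $raw = (string) wp_unslash( $_GET['cat'] );

    // The dropdown sends "0" for "All Categories": treat it as no filter.
    if ( '' === $raw || '0' === $raw ) {
        unset( $query_vars['cat'] );
        return $query_vars;
    }

    // The dropdown only ever submits a single positive integer ID, so
    // lists ("1,2"), negatives ("-5") or text are rejected outright.
    if ( ! preg_match( '/^[1-9][0-9]*$/', $raw ) ) {
        wp_die( esc_html__( 'Invalid category filter.' ), '', array( 'response' => 400 ) );
    }

    // get_term() returns null for an unknown ID and WP_Error on failure;
    // only a real WP_Term in the 'category' taxonomy is accepted.
    $term = get_term( (int) $raw, 'category' );
    if ( ! $term instanceof WP_Term ) {
        wp_die( esc_html__( 'Invalid category filter.' ), '', array( 'response' => 400 ) );
    }

    // Pass the validated, canonical term ID on to the list query.
    $query_vars['cat'] = $term->term_id;
    return $query_vars;
}
```

Dropping the file into wp-content/mu-plugins/ activates it without an admin step; the 400 response is what a request with a tampered 'cat' value then receives instead of an empty result set.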