[wp-trac] [WordPress Trac] #55321: Adding new themes in releases without a global theme auto-update setting renders installations insecure

WordPress Trac noreply at wordpress.org
Tue Mar 15 14:19:21 UTC 2022


#55321: Adding new themes in releases without a global theme auto-update setting
renders installations insecure
-------------------------------+-----------------------
 Reporter:  bertvandepoel      |       Owner:  pbiron
     Type:  enhancement        |      Status:  assigned
 Priority:  normal             |   Milestone:  6.0
Component:  Upgrade/Install    |     Version:
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:  ui
-------------------------------+-----------------------

Comment (by pbiron):

 The reason I milestoned this for consideration in 6.0 is the following:

 1. a site running WP 5.8.3 already has an active theme
 2. they update to 5.9 (possibly even via an auto-update)
 3. unbeknownst to the site owner/admin, that update installed another
 theme

 I agree that the fact that people modify themes directly is a concern.
 But I also think that WP installing new bundled themes without explicit
 consent of the site owner/admin is a reason to **consider** enabling auto-
 updates for those new bundled themes.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/55321#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

