[wp-trac] [WordPress Trac] #57437: Insecure Direct Object Reference in "author" parameter while making a page live Leads to Vertical Privilege Escalation on a Different Account
WordPress Trac
noreply at wordpress.org
Tue Jan 10 04:03:56 UTC 2023
#57437: Insecure Direct Object Reference in "author" parameter while making a page
live Leads to Vertical Privilege Escalation on a Different Account
--------------------------+------------------------------
Reporter: f41z4n | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: 6.1.1
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: privacy
--------------------------+------------------------------
Changes (by f41z4n):
* Attachment "wp_poc.mp4" added.
Proof Of Concept Video
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57437>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list