[wp-trac] [WordPress Trac] #60161: Comments on pages where comments are not allowed
WordPress Trac
noreply at wordpress.org
Fri Jan 19 03:11:03 UTC 2024
#60161: Comments on pages where comments are not allowed
-------------------------------------------------+-------------------------
 Reporter:  is0ph                                |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  Comments                             |     Version:  6.4.2
 Severity:  normal                               |  Resolution:
 Keywords:  needs-screenshots needs-testing-info |     Focuses:
-------------------------------------------------+-------------------------
Comment (by acurran):
I wish to concur with the submitter of this ticket. I too have noticed in
recent days a number of comments/trackbacks submitted on websites that
have commenting & trackbacks turned off. I have never noticed an issue
like this before (I've been managing WordPress websites for over 15
years). I manage over 50 websites for my clients and in the last week or
two I have seen some spam comments and trackbacks coming in from various
websites where commenting was completely disabled. I've seen comments on
media pages, posts and mostly on home pages. Most are trackbacks but at
least one was a regular comment. They all are spamming pharmaceuticals and
the website www.onlypharmacies.com has appeared in a few of them.

The first case I looked into, I checked and verified that commenting was
turned off in the settings and also on the individual post that was
targeted. It seemed strange but I put it down to some weird one-off
anomaly. But after getting some more on different websites, I really think
there is something new going on with WordPress. Either someone has
discovered an existing vulnerability that allows comments and/or trackbacks
to be submitted when commenting is disabled, or a new vulnerability has
been recently introduced. I'm leaning towards the former because, just
checking on one case right now, I see that the site is still on WP version
6.3.2. (I've documented this example here - https://imgur.com/vzGWTVQ)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60161#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform