[wp-trac] [WordPress Trac] #61481: Critical Bug in WordPress Affecting User Privacy (comment_class)
WordPress Trac
noreply at wordpress.org
Sat Jun 22 18:06:09 UTC 2024
#61481: Critical Bug in WordPress Affecting User Privacy (comment_class)
--------------------------+-----------------------------
Reporter: kamalireal | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
Hello,
There is a critical bug in WordPress that is causing privacy issues for
users. Many e-commerce websites use plugins or methods that allow users to
log in using their phone numbers, which are then set as their usernames.
In the comment_class function, when a user is logged in, even as a
customer, their username (which is their phone number) can be viewed
through the site's source code. This means that phone numbers of users can
be easily obtained in this manner.
This results in a significant privacy breach and can cause numerous
problems, especially for e-commerce websites.
The display of usernames should be restricted to admin-level access only,
not visible to all logged-in users, including subscribers!
I kindly request that you update WordPress and address the issue with the
comment_class function as soon as possible.
Thank you.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61481>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list