Comments on: WordPress Unauthorised Comments Disclosure

By: David Kierznowski

David Kierznowski — Tue, 05 Jun 2007 09:56:04 +0000

Matt, your starting to sound like Microsoft ;>

Thanks for the feedback.

By: Matt

Matt — Tue, 05 Jun 2007 09:46:04 +0000

That is a feature, not a bug, and was “reported” years ago when the feature was introduced.

By: SecBlog » Falha de baixo risco no Wordpress

SecBlog » Falha de baixo risco no Wordpress — Mon, 04 Jun 2007 18:07:34 +0000

[...] Uma descrição completa (em inglês) está disponível aqui. [...]

By: » Wordpress Unauthorized Comment Disclosure » www.notsosecure.com

» Wordpress Unauthorized Comment Disclosure » www.notsosecure.com — Fri, 01 Jun 2007 07:05:35 +0000

[...] By Enumerating, the name and email address of a comment author, an attacker can read the comment submitted by the author while the comment still waits an administrator to approve it and publish it. This again points to the need for a better session management in Wordpress. Read the full story here [...]

By: BlogSecurity » WordPress BlogWatch

BlogSecurity » WordPress BlogWatch — Fri, 01 Jun 2007 06:55:55 +0000

[...] Unauthorised Comments Disclosure (more) [...]