Contributors can publish directly while not supposed to!
-
Discovered the following security issue on WP.com.
Has anyone else experienced it?
[security issue redacted]
Jean-Hugues Roy
prof. UQAM, Montréal, QC, Canada
-
Thank you for letting us know – we are investigating and appreciate your thorough report.
In future, it’s safer for everyone if you don’t post potential security issues publicly before a fix is in place. You can either use this form – http://automattic.com/security/ – or email security AT wordpress.com.
Thanks very much.
-
Thanks timethief and Kathryn!
Sorry to do so publicly. The issue was unknown to peers.
JHR
-
We were able to reproduce the problem and it has now been fixed. You should no longer have such issues. Thanks for the detailed report, but please indeed contact us via our security page, should you ever find another such issue, as it’s by far the fastest way for us to be made aware and deploy a fix.
Best regards.
-
@stephdau
Is this a related issue here > https://en.forums.wordpress.com/topic/user-roles-error?replies=3
-
Thanks for the cross-link @timethief. Good catch, as per your usual. :)
@jhroy: welcome, and thanks again for the report. :)
- The topic ‘Contributors can publish directly while not supposed to!’ is closed to new replies.