[SECURITY ISSUE] Email not hidden on forum subscription emails
-
I’ve found a security issue with these forums. When I’ve been subscribed to forum threads, when I receive an email about them any email addresses included in the post aren’t hidden and are shown.
I’m just wondering if this is a security issue or if staff are aware of it.
The blog I need help with is: (visible only to logged in users)
-
when I receive an email about them any email addresses included in the post aren’t hidden and are shown
Email addresses that are included in forum posts are redacted by the forum software. Do you have a specific forum thread that you can use as an example?
Tagged for Staff input as well.
-
tested here and Tom is 100% correct
-
Here’s a forum thread that can be used as an example: https://en.forums.wordpress.com/topic/wordpresscom-8?replies=3#post-1579997
On the 4th post on that thread has emails in it and when I received an email notification for that reply, I could see the emails on the email sent. Their must be a way for this to be fixed.
-
-
-
Thanks for reporting it. I’ve let the rest of the staff who work on the forums know as well so we don’t ask folks to submit e-mail addresses expecting the redaction until it is cleared up.
-
Thanks again for bringing this to our attention. We’ve deployed a fix that will redact the e-mail in subscription e-mails too.
Cheers!
-
You’re very welcome. I’m glad that the problem has been solved. Thanks for your quick response.
- The topic ‘[SECURITY ISSUE] Email not hidden on forum subscription emails’ is closed to new replies.
WordPress.com Forums 