Minor WordPress vulnerability confirmed

Thanks to Jason for the heads-up – it seems that my [tag]Wordpress[/tag] 2.0 [tag]blogs[/tag] are [tag]vulnerable[/tag] to the [tag]exploit[/tag] listed in WordPress issue #3142, but the effect is relatively minor.

Every logged in user can spy out the metadata of all other users by typing in the URL /wp-admin/user-edit.php?user_id=XXX irrespective if he has the right to do this or not. If not in fact there will be shown the error message “You do not have permission to edit this user.” but after that message the complete form with all data will also be shown.

Here’s the exploit in action:

Screenshot of wordpress vulnerability

I guess it’s a source of valid [tag]email[/tag] addresses for spam, though I’m not sure that bloggers are the best demographic for email spam (not that spammers care). Anyway my blogs are theoretically vulnerable to this exploit, but since I don’t currently allow registered users it’s not an issue.

Leave a Reply