[wp-trac] [WordPress Trac] #57437: Insecure Direct Object Reference in "author" parameter while making a page live Leads to Vertical Privilege Escalation on a Different Account
WordPress Trac
noreply at wordpress.org
Thu Nov 20 15:54:10 UTC 2025
#57437: Insecure Direct Object Reference in "author" parameter while making a page
live Leads to Vertical Privilege Escalation on a Different Account
-------------------------------------+----------------------
 Reporter:  f41z4n                   |       Owner:  (none)
     Type:  defect (bug)             |      Status:  closed
 Priority:  normal                   |   Milestone:
Component:  Posts, Post Types        |     Version:  6.1.1
 Severity:  normal                   |  Resolution:  wontfix
 Keywords:  needs-patch 2nd-opinion  |     Focuses:
-------------------------------------+----------------------
Changes (by SirLouen):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
This post was introduced 3 years ago and was already triaged by the
security team as a non-threat. Given that both @peterwilsoncc and
@ironprogrammer have already suggested that this is the expected behaviour
and doesn't pose a threat, `2nd-opinion` has been drawn, so it's time to
close this as `wontfix`.

If there is further concern regarding this issue, please feel free to
reopen this and I will look a little further with the additional
information provided.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57437#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform