[wp-trac] [WordPress Trac] #44157: the comments/[id] endpoints should have the same permissions checks as the comments endpoint

WordPress Trac noreply at wordpress.org
Fri Nov 21 17:37:38 UTC 2025


#44157: the comments/[id] endpoints should have the same permissions checks as the
comments endpoint
-------------------------------------------------+-------------------------
 Reporter:  tharsheblows                         |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  REST API                             |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  2nd-opinion has-patch has-unit-      |     Focuses:
  tests                                          |
-------------------------------------------------+-------------------------

Comment (by adamsilverstein):

 In [changeset:"61276" 61276]:
 {{{
 #!CommitTicketReference repository="" revision="61276"
 Comments: ensure unauthenticated users cannot access the single comment
 endpoint for notes.

 Fix an issue where notes could be accessed by unauthenticated users by
 using the single comment REST API endpoint and passing the comment ID
 (`/wp/v2/comments/<ID>`). This fix only affects the `note` type.

 Props adamsilverstein, peterwilsoncc, westonruter.
 See #44157.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44157#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

