[wp-trac] [WordPress Trac] #37917: Users without the edit_private_posts capability can still create private posts

WordPress Trac noreply at wordpress.org
Thu Oct 16 15:12:54 UTC 2025 

#37917: Users without the edit_private_posts capability can still create private
posts
-------------------------------------------+------------------------------
 Reporter:  ryan.kanner                    |       Owner:  (none)
     Type:  defect (bug)                   |      Status:  new
 Priority:  normal                         |   Milestone:  Awaiting Review
Component:  Role/Capability                |     Version:  2.1
 Severity:  normal                         |  Resolution:
 Keywords:  needs-refresh has-patch close  |     Focuses:
-------------------------------------------+------------------------------
Changes (by SirLouen):

 * keywords:  2nd-opinion => needs-refresh has-patch close
 * focuses:  administration =>
 * component:  Posts, Post Types => Role/Capability


Comment:

 == Reproduction Report
 === Description
 ✅ This report validates that the issue can be partially reproduced.

 === Environment
 - WordPress: 6.9-alpha-60093-src
 - PHP: 8.2.29
 - Server: nginx/1.29.1
 - Database: mysqli (Server: 8.4.6 / Client: mysqlnd 8.2.29)
 - Browser: Chrome 140.0.0.0
 - OS: Windows 10/11
 - Theme: Twenty Twenty-Three 1.6
 - MU Plugins: None activated
 - Plugins:
   * BBB Testing Dolly
   * Classic Editor 1.6.7
   * Test Reports 1.2.0
   * User Switching 1.10.0

 === Testing Instructions
 1. Switch to classic editor
 2. Create an Author user
 3. Create a new Post
 4. ❓ You can select the Private Posts.

 === Actual Results
 1.  ✅ Error condition occurs (reproduced).

 === Additional Notes
 - As @akibjorklund commented, this is technically not a bug, but how you
 interpret it. This is happening both in Gutenberg and classic editor.
 Unless, we want a revamp on capabilities, I also think that this is how it
 is.

 - Given that this has had 0 traction for almost 1 decade, and the patch is
 not applying anymore, I reasonably believe that this is no interst anymore
 and most people figure out how these capabilities are working. So
 personally I would tag this as a `close` candidate.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/37917#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list