[wp-trac] [WordPress Trac] #64779: Notes can be edited and deleted by other users
WordPress Trac
noreply at wordpress.org
Wed May 13 14:21:09 UTC 2026
#64779: Notes can be edited and deleted by other users
--------------------------------------+---------------------
Reporter: mindctrl | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 7.1
Component: Comments | Version: 6.9
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+---------------------
Comment (by mindctrl):
Replying to [comment:7 manfcarlo]:
> I think the pre-existing behaviour (any user able to delete any note) is
correct. If someone leaves a note with profanity or personal attacks, or a
typo, it should be easy for others to delete/correct without having to
contact someone with higher privileges. If someone is maliciously deleting
or changing other users' notes, they would be better off having their
editing access to the whole post revoked.
While I agree that malicious users should have their access revoked, it
doesn't solve the problem outlined above. To restate my concern:
Since comments have no revision history, there's no way to see that a note
was changed or what it originally said. A Contributor, for example, could
edit an Admin's note on their own draft to say something the Admin never
wrote, and anyone reviewing the post later would have no way of knowing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64779#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list