WordPress.org

Ready to get started?Download WordPress

Forums

WP Project Manager
SECURITY BUG: Project manager comments feed into "recent comments" list (3 posts)

  1. ArcherTC
    Member
    Posted 1 year ago #

    In a theme with Simple Recent Comments plugin baked in, the following occurs: the comments from Project Manager show up as comments from users on the site's frontend.

    While the backend comments do not show up in full on the frontend of the site, the following does:

    - the person who made the comment
    - the name of the entry to which the comment was made (with subfolder structure revealed for message, task)
    - a link to the comment (which thankfully generates a 404 message on click, but still!)

    Suggested fixes?

    http://wordpress.org/extend/plugins/wedevs-project-manager/

  2. Native Imaging
    Member
    Posted 8 months ago #

    Yes, I also noticed that the comments are showing up on the front end Recent Comments widget which also means that these are generating RSS feeds as well..

    It's very important that these projects are managed privately with the site admins/editors and contributors...

    Other than that, I really do like this plugin, and hope to see further development or a Pro version license, but this MUST be resolved prior to that.

    Thank You :)

  3. WPyogi
    Volunteer Moderator
    Posted 8 months ago #

    @Native Imaging - please start your own thread per:

    http://codex.wordpress.org/Forum_Welcome#Where_To_Post

    If you have a security issue, please see:

    http://codex.wordpress.org/FAQ_Security

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.