Bbpress comments leak emails
-
Hi,
I am testing the plugin again with an installation of BBPress https://es.wordpress.org/plugins/bbpress/
There is an option on that plugin to prevent login and use all discussion as comments.
So the user fill up email and name and they can post a comment into a topic.
https://ps.w.org/bbpress/assets/screenshot-4.png?rev=872931
Called Anonymous posting on their settings.When using this feature with Redis Object Cache, the email and name of the user is leaked ot other users.
To test it:
– activate object cache.
– Go into a topic with 2 different browsers not logged in (I even used a VPN on one of them to simulate a different IP).
– Post a comment with your email on one of them.
– Refresh the page on the other user, that second user will have the email and name pre-filled on the comment section.I tried to disable the groups for bbpress, but the email for comments was still leaking.
Is there any group I should disable to make this work?Thanks!
- The topic ‘Bbpress comments leak emails’ is closed to new replies.