Currently using a multi-site installation of WordPress using WP Super Cache and DB Cache.
Various users, in various localities, are reporting an issue when they reply to a post or article on our site. When the user goes to reply to a post or article, the email address field reveals email addresses of other users who have entered comments on the site.
This issue is beyond browser-level pre-population, as the email addresses ARE visible in our source code.
I have been able to replicate the issue locally, as well as on various QA machines.
This presents a massive security loophole.
To define the issue from a 50 thousand foot perspective:
+ Multi-site install
+ WP Super Cache
+ DB Cache
+ Email addresses of complete strangers appearing in email fields, pre-populated in some cases
+ Visible in HTML source
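An added example, not part of the original post: one way to check stored cache files for the symptom reported above is to parse each cached page and flag comment-form inputs that carry a non-empty value. The field names `author`, `email` and `url` are those of the default WordPress comment form; the cache directory passed to `scan_cache_dir` and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import Path

# Field names used by the default WordPress comment form (assumed unmodified theme).
COMMENT_FIELDS = {"author", "email", "url"}


class CommentFormScanner(HTMLParser):
    """Collects (field, value) pairs for comment-form inputs that are pre-filled."""

    def __init__(self):
        super().__init__()
        self.prefilled = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = dict(attrs)
        name = (attr.get("name") or "").lower()
        value = (attr.get("value") or "").strip()
        if name in COMMENT_FIELDS and value:
            self.prefilled.append((name, value))


def find_prefilled_fields(html):
    """Return pre-filled comment-form fields found in one HTML document."""
    scanner = CommentFormScanner()
    scanner.feed(html)
    return scanner.prefilled


def scan_cache_dir(root):
    """Map each cached .html file under root to the pre-filled fields it contains."""
    hits = {}
    for path in sorted(Path(root).rglob("*.html")):
        found = find_prefilled_fields(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample pages: one as an anonymous visitor should receive it,
# one showing the reported symptom (another commenter's details in the form).
CLEAN_PAGE = '<form id="commentform"><input id="email" name="email" type="text" value="" /></form>'
LEAKY_PAGE = ('<form id="commentform"><input name="author" value="Alice Example" />'
              '<input id="email" name="email" type="text" value="alice@example.com" /></form>')

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("leaky", LEAKY_PAGE)):
        print(label, find_prefilled_fields(page))
```

Any file this reports holds a copy of a page rendered with a commenter's details, and that copy can be served to other visitors until the cache is cleared.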