Make WordPress Core

Opened 3 years ago

Last modified 2 years ago

#55923 new defect (bug)

Search by month can be changed to search invalid month

Reported by: floridsleeves's profile floridsleeves Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

In admin 'Posts' page, the search date can be selected by drop down menu:
https://ibb.co/6RmFLVg

However, client-side attackers can bypass items in drop down menu by intercepting the 'm' field in request, which will return data from other months that are not included in the drop down menu.

Change History (1)

#1 @hasanuzzamanshamim
2 years ago

Thanks for reporting the ticket,
But I am not sure about validating filters. who has the right access can see posts by the filters only otherwise access is denied.

Note: See TracTickets for help on using tickets.