Opened 17 months ago
Last modified 13 months ago
#58679 new defect (bug)
meta key field in usermeta table should NOT use accent insensitive collations
Reported by: | madhazelnut | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | major | Version: | |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
Looking at the latest string of vulnerability issues that came up related to the [Ultimate Member plugin](https://wordpress.org/plugins/ultimate-member/) I discovered that the usermeta table has an accent insensitive collation for the meta_key
field. This results in queries for wp_cãpăbilitiës
to return the actual wp_capabilities
row! See update_metadata()
function in wp-includes/meta.php
Imagine the attack surface this brings. In fact, don't imagine, just look at the recent attacks in the wild.
Fix: use accent insensitive collations (or even ASCII BINARY)
Note: See
TracTickets for help on using
tickets.