Opened 2 years ago
Last modified 3 months ago
#58679 new defect (bug)
meta key field in usermeta table should NOT use accent insensitive collations
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | major | Version: | |
| Component: | Security | Keywords: | |
| Focuses: | Cc: |
Description
Looking at the latest string of vulnerability issues that came up related to the [Ultimate Member plugin](https://wordpress.org/plugins/ultimate-member/) I discovered that the usermeta table has an accent insensitive collation for the meta_key field. This results in queries for wp_cãpăbilitiës to return the actual wp_capabilities row! See update_metadata() function in wp-includes/meta.php
Imagine the attack surface this brings. In fact, don't imagine, just look at the recent attacks in the wild.
Fix: use accent insensitive collations (or even ASCII BINARY)
Note: See
TracTickets for help on using
tickets.
Errata: the last line should read "Fix: use accent-sensitive collations (or even ASCII BINARY)".