Make WordPress Core

Opened 10 months ago

Last modified 6 months ago

#58679 new defect (bug)

meta key field in usermeta table should NOT use accent insensitive collations

Reported by: madhazelnut
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: major
Version:
Component: Security
Keywords:
Focuses:
Cc:

Description

Looking at the latest string of vulnerability issues that came up related to the [Ultimate Member plugin](https://wordpress.org/plugins/ultimate-member/), I discovered that the usermeta table has an accent-insensitive collation for the meta_key field. This results in queries for wp_cãpăbilitiës returning the actual wp_capabilities row! See the update_metadata() function in wp-includes/meta.php.

Imagine the attack surface this brings. In fact, don't imagine, just look at the recent attacks in the wild.

Fix: use accent insensitive collations (or even ASCII BINARY)
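
The mismatch the description reports, as an added example that is not part of the ticket or of WordPress code: an exact string check on a meta key disagrees with an accent-insensitive lookup of the same key. The folding function only approximates such a collation (it is not MySQL's algorithm), and the protected-key list, function names and sample keys are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: keys an application refuses to let users write directly.
PROTECTED_META_KEYS = {"wp_capabilities"}


def fold_like_ai_collation(key: str) -> str:
    """Approximate an accent- and case-insensitive comparison key.

    Not MySQL's collation algorithm: decompose (NFKD), drop combining
    marks, then case-fold. Enough to model the matching the ticket reports.
    """
    decomposed = unicodedata.normalize("NFKD", key)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.casefold()


def naive_is_protected(key: str) -> bool:
    """Exact string comparison, as a denylist in application code would do."""
    return key in PROTECTED_META_KEYS


def collation_aware_is_protected(key: str) -> bool:
    """Compare the way the table's collation does: on folded keys."""
    folded = {fold_like_ai_collation(k) for k in PROTECTED_META_KEYS}
    return fold_like_ai_collation(key) in folded


def audit_keys(keys):
    """Return keys that pass the exact check but collide after folding."""
    return [
        k for k in keys
        if not naive_is_protected(k) and collation_aware_is_protected(k)
    ]


# Constructed sample input: submitted meta keys, including the ticket's example.
SAMPLE_KEYS = ["nickname", "wp_capabilities", "wp_cãpăbilitiës"]

if __name__ == "__main__":
    for key in audit_keys(SAMPLE_KEYS):
        print(f"collides with a protected key after folding: {key!r}")
```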

Change History (1)

#1 @sabernhardt
6 months ago

  • Component changed from General to Security