Opened 7 months ago
Closed 7 months ago
#60704 closed enhancement (invalid)
Lack of Rate Limiting
Reported by: | rakeshchavan | Owned by: |
---|---|---|---
Milestone: | | Priority: | normal
Severity: | normal | Version: |
Component: | Security | Keywords: |
Focuses: | | Cc: |
Description
URL: http://demodomain.com/wp-admin/user-new.php
Implement a limit on how often a client can call the API within a defined timeframe.
Notify the client when the limit is exceeded by providing the limit number and the time at which the limit will be reset.
Add proper server-side validation for query string and request body parameters, specifically, the one that controls the number of records to be returned in the response.
Define and enforce the maximum size of data on all incoming parameters and payloads such as the maximum length for strings and maximum number of elements in arrays.
Change History (1)
#1 @ 7 months ago
- Component changed from General to Security
- Focuses accessibility administration rest-api performance coding-standards removed
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Type changed from defect (bug) to enhancement
- Version 6.4.3 deleted
Hi there and welcome to WordPress Trac.
Unfortunately your request is not really specific or actionable, as you just pasted the description of [https://owasp.org/API-Security/editions/2019/en/0xa4-lack-of-resources-and-rate-limiting/ OWASP API Security Top 10 API4:2019] without checking if and how it applies to WordPress.
The example page you shared is a restricted page for administrators to add new users, not really an API that needs rate limiting.