Opened 2 years ago
Closed 2 years ago
#61481 closed defect (bug) (invalid)
Critical Bug in WordPress Affecting User Privacy (comment_class)
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | major | Version: | |
| Component: | Users | Keywords: | |
| Focuses: | | Cc: | |
Description
Hello,
There is a critical bug in WordPress that is causing privacy issues for users. Many e-commerce websites use plugins or methods that allow users to log in using their phone numbers, which are then set as their usernames.
In the comment_class function, when a user is logged in, even as a customer, their username (which is their phone number) can be viewed through the site's source code. This means that phone numbers of users can be easily obtained in this manner.
This results in a significant privacy breach and can cause numerous problems, especially for e-commerce websites.
The display of usernames should be restricted to admin-level access only, not visible to all logged-in users, including subscribers!
I kindly request that you update WordPress and address the issue with the comment_class function as soon as possible.
Thank you.
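A site-level mitigation for the leak described in this report, written here as an added example and not part of the ticket or of WordPress core: a `comment_class` filter that drops the `comment-author-{user_nicename}` class which `get_comment_class()` appends for registered commenters. The nicename is derived from the login name, so a phone-number username otherwise lands in the page source as a CSS class on every comment that user leaves. The function name and the mu-plugin placement are this example's own choices.

```php
<?php
/**
 * Plugin Name: Strip commenter nicenames from comment_class (added example)
 *
 * Drop-in for wp-content/mu-plugins/. For registered users WordPress adds
 * "comment-author-<user_nicename>" to each comment's class list; this filter
 * removes that class and keeps the rest (comment, byuser, even/odd, depth-N,
 * and anything a theme adds).
 */

function example_strip_comment_author_class( $classes ) {
	$kept = array();
	foreach ( (array) $classes as $class ) {
		// Drop any class that starts with the "comment-author-" prefix.
		if ( 0 === strpos( $class, 'comment-author-' ) ) {
			continue;
		}
		$kept[] = $class;
	}
	return $kept;
}

// Priority 10, one argument: the array of classes built by get_comment_class().
add_filter( 'comment_class', 'example_strip_comment_author_class', 10, 1 );
```

To check it, view the source of a post with a comment from a registered user: the `<li>`/`<article>` class attribute should still contain `comment byuser`, but no `comment-author-…` token. The comment author's display name is unaffected; it is rendered separately and is chosen by the user rather than derived from the login.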
Change History (4)
#2 in reply to: ↑ 1 @ 2 years ago
Replying to samiamnot:
> Usernames in WordPress are not considered a security issue.
> It has been stated in previous tickets, "leaking" of the username is not deemed a security issue by WordPress.org, as it's a conscious decision to use the username as the slug in the URL. If you don't like this default behavior, there are plugins in the repository which allow you to change the URL format to your preferred layout.
Hi,
This issue is very important for WordPress stores. Let's assume that a user has placed an order on the site and their username is the same as their phone number, and they have left a comment on the site. Hackers or phishing perpetrators can easily find the phone number in the site's source code, which belongs to the customer, and contact them. By deceiving the customer through various methods, they can empty their account! Unfortunately, this has happened to some individuals. This issue is not related to the user link; it is related to the class created by the comment_class function.
#3 @ 2 years ago
- Keywords close added
This is not a bug in WordPress. WordPress has always had the policy that usernames *may* be publicly detectable, and hence should not contain private information, at least not in a general and predictable way on the site.
If a *site owner* is encouraging their users to put such information into the usernames upon signing up, without a warning, then they are responsible for this situation. Like if they ask new users to add any other private, possibly sensitive, information like health status, into either their user bio, display name or login user name.
Stop doing this and protect your users from exposing private information. There are other alternatives for choosing or generating login user names.
Personally, I would like WordPress to disallow both email addresses (@) and all numeric usernames.
Strongly suggest wontfix.
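The policy stated in this comment (usernames may be public, so do not put contact details in them) can be enforced on a site without waiting for core. The snippet below is an added example, not code from the ticket or from WordPress, and hooks the `validate_username` filter that core applies inside `validate_username()` on the standard registration path. It rejects usernames that look like e-mail addresses or phone numbers. The function name and mu-plugin placement are this example's choices, and a plugin that creates accounts through its own code path rather than core registration may bypass this check; that is an assumption to verify per site.

```php
<?php
/**
 * Plugin Name: Reject phone-number and e-mail style usernames (added example)
 *
 * Drop-in for wp-content/mu-plugins/. Returning false from the
 * validate_username filter makes core refuse the login name at signup.
 */

function example_reject_contact_style_usernames( $valid, $username ) {
	if ( ! $valid ) {
		return false; // core already rejected it; keep that decision
	}

	// E-mail style: contains an "@" (allowed by sanitize_user, so check it here).
	if ( false !== strpos( $username, '@' ) ) {
		return false;
	}

	// Phone style: a leading digit followed only by digits, spaces, dots or dashes.
	if ( 1 === preg_match( '/^[0-9][0-9 .\-]*$/', $username ) ) {
		return false;
	}

	return true;
}

add_filter( 'validate_username', 'example_reject_contact_style_usernames', 10, 2 );
```

With this active, `validate_username( '09121234567' )` and `validate_username( 'alice@example.com' )` return false while `validate_username( 'alice' )` still returns true. A site that genuinely needs phone-number login should store the number in user meta and let the plugin look the account up by that field, keeping the public login name free of the number.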
#4 @ 2 years ago
- Keywords close removed
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
The WordPress project doesn’t consider usernames or user ids to be private or secure information. Generally speaking, people do not consider usernames to be secret, often sharing them openly.
Note that WordPress is not the only open source project to believe this. Drupal has similar arguments for the same thing.
If you have an issue with how a shop or e-commerce plugin is using a username, your best bet is to contact the owner of the shop or the maintainer of the specific plugin.
Usernames in WordPress are not considered a security issue.
https://core.trac.wordpress.org/ticket/20235#comment:7