#5294 closed defect (bug) (duplicate)
can give review in Products without star rating (0 star)
Reported by: | kokonaing | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | high |
Component: | WordPress.org Site | Keywords: | needs-testing needs-patch |
Cc: | | | |
Description
Steps To Reproduce:
1. On the WordPress site https://wordpress.org, there are a lot of themes uploaded
by each vendor, and there is a rating and review form for each theme. In
this phase, the attacker can give a review without a star rating although
WordPress enforces giving at least one star.
2. When the review form is submitted with any stars, the attacker will
intercept the request and can delete the rating parameter &rating=5&rating=5.
After deleting this parameter from the request, the attacker can
successfully rate the products with 0 stars.
3. This should work on all WordPress sites.
Attachments (1)
Change History (5)
Here is a successful 0-star rating; it should work in all WordPress versions.
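A server-side check for the gap this ticket describes, as an added example that is not part of the ticket and not WordPress.org code: it rejects a review whose `rating` parameter is missing, conflicting or outside 1 to 5 instead of storing it as 0. The function name `parse_review_rating`, the `review` field and the sample request bodies are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical handler-side validation, not WordPress.org code.

/**
 * Return the rating (1-5) from a raw urlencoded request body,
 * or null when the submission must be rejected.
 */
function parse_review_rating(string $rawBody): ?int
{
    // Read the raw body so repeated "rating" keys stay visible;
    // $_POST would silently keep only the last one.
    $values = [];
    foreach (explode('&', $rawBody) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        if (urldecode($parts[0]) === 'rating') {
            $values[] = urldecode($parts[1] ?? '');
        }
    }

    // Missing parameter: reject rather than defaulting to 0 stars.
    if (count($values) === 0) {
        return null;
    }
    // Repeated parameter is tolerated only when every copy agrees.
    if (count(array_unique($values)) !== 1) {
        return null;
    }
    // Must be an integer in the range the form allows.
    $rating = filter_var($values[0], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    return $rating === false ? null : $rating;
}

// Constructed sample request bodies.
$samples = [
    'review=Nice+theme&rating=5&rating=5', // form submitted normally
    'review=Nice+theme',                   // rating parameter removed
    'review=Nice+theme&rating=0',          // out of range
    'review=Nice+theme&rating=5&rating=1', // conflicting copies
];
foreach ($samples as $body) {
    $rating = parse_review_rating($body);
    echo $body, ' => ', $rating === null ? 'rejected' : "accepted ($rating stars)", PHP_EOL;
}
```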