WordPress: Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce

2018-09-03T09:22:52
ID H1:404323
Type hackerone
Reporter simonscannell
Modified 2019-02-14T13:38:13

Description

Simon discovered that authors could create posts of unauthorized post types with specially crafted input.

This was fixed in the 5.0.1 release, and Simon has published more details on his blog.