WordPress: Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce

ID H1:404323
Type hackerone
Reporter simonscannell
Modified 2019-02-14T13:38:13


Simon discovered that authors could create posts of unauthorized post types with specially crafted input.

This was fixed in the 5.0.1 release, and Simon has published more details on his blog.