Need help? Check out our Support site, then


[SECURITY ISSUE] Email not hidden on forum subscription emails

  1. I've found a security issue with these forums. When I've been subscribed to forum threads, when I receive an email about them any email addresses included in the post aren't hidden and are shown.

    I'm just wondering if this is a security issue or if staff are aware of it.

    The blog I need help with is technoteamblog.wordpress.com.

  2. when I receive an email about them any email addresses included in the post aren't hidden and are shown

    Email addresses that are included in forum posts are redacted by the forum software. Do you have a specific forum thread that you can use as an example?

    Tagged for Staff input as well.

  3. Here's a forum thread that can be used as an example: http://en.forums.wordpress.com/topic/wordpresscom-8?replies=3#post-1579997

    On the 4th post on that thread has emails in it and when I received an email notification for that reply, I could see the emails on the email sent. Their must be a way for this to be fixed.

  4. Thanks. I've confirmed it as well. I'm asking our devs to take a look now.

  5. I've notified staff about this issue.

  6. @kraftbj That's great. I wanted to make sure that this was a known issue by WordPress.com staff.

  7. Thanks for reporting it. I've let the rest of the staff who work on the forums know as well so we don't ask folks to submit e-mail addresses expecting the redaction until it is cleared up.

  8. Thanks again for bringing this to our attention. We've deployed a fix that will redact the e-mail in subscription e-mails too.

    Cheers!

  9. You're very welcome. I'm glad that the problem has been solved. Thanks for your quick response.

Topic Closed

This topic has been closed to new replies.

About this Topic