Description
The ContentImporter does not verify that the current user has read_post permission on the source post before importing its content. A user could potentially import content from a private post on another blog they don't have read access to.
Location
includes/ContentImport/ContentImporter.php — handle_import() and pre_flight_check() verify the nonce and check for msls_import in POST data, but never call current_user_can('read_post', $source_post_id) on the source blog.
Risk
Lower than a REST endpoint since the import is gated behind nonce verification and POST submission (requires an active admin session), but the gap still exists.
Found during
Code review of #609 (see discussion).
Description
The
ContentImporterdoes not verify that the current user hasread_postpermission on the source post before importing its content. A user could potentially import content from a private post on another blog they don't have read access to.Location
includes/ContentImport/ContentImporter.php—handle_import()andpre_flight_check()verify the nonce and check formsls_importin POST data, but never callcurrent_user_can('read_post', $source_post_id)on the source blog.Risk
Lower than a REST endpoint since the import is gated behind nonce verification and POST submission (requires an active admin session), but the gap still exists.
Found during
Code review of #609 (see discussion).