
idk75 asked

URGENT !!! Zoo comment bug reveals email address of person leaving a comment to 3rd parties

We have tested this across several computers and have always ended up with the same worrying result. If one person enters a comment with their email address, then the next time another person loads the form on an entirely different computer, they will see the email address of the person that last commented pre-filled as the default info in the form fields.

For example, I had a colleague leave a comment via her computer and reloaded the form on my computer once the comment was sent by her. I then had HER email address as the pre-filled default text in the submission form on my computer.

At first I thought this may have to do with me being logged in as an administrator (through a regular back-end login), but the same thing happens when I use two separate browsers and am NOT logged in.

I tested this several times and this is what happens:

1) I post a comment with email address and Name A in Firefox, then I open the same page in Chrome
2) I post a comment in Chrome with name and Email address B
3) I reload the page in Firefox and all of a sudden the email address B given in Chrome is prefilled in the form fields in Firefox
4) I post another comment in Firefox with Name and Email address C
5) I reload the page in Chrome and lo and behold email address C entered in Firefox is now prefilled in the form field in Chrome

Just to be clear here, this also happened across SEPARATE COMPUTERS OWNED BY DIFFERENT PEOPLE IN DIFFERENT COUNTRIES!

At this stage it appears that, upon reloading when a new comment was posted, each visitor to our site will see the email address of the person last commenting before them pre-filled in the form field?!


  • ZOO
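A regression check for the behaviour reproduced in the steps above, added here as an example (not code from ZOO or from the original post): it parses the HTML that a fresh, cookie-less visitor receives and reports any comment-form field that arrives already filled with a name or email address. The field names and the sample markup are constructed assumptions, not ZOO's actual form.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: fields whose name/id contains one of these hold commenter identity.
IDENTITY_HINTS = ("author", "name", "email", "mail")


class _InputCollector(HTMLParser):
    """Collects (field, value) for <input> elements that arrive pre-filled."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        value = (a.get("value") or "").strip()
        if not value:
            return  # an empty field is what a first-time visitor should get
        field = (a.get("name") or a.get("id") or "").lower()
        ftype = (a.get("type") or "text").lower()
        looks_like_identity = ftype in ("text", "email") and any(
            hint in field for hint in IDENTITY_HINTS)
        # An email address in any input (even a hidden one) is reported.
        if looks_like_identity or EMAIL_RE.search(value):
            self.found.append((field, value))


def prefilled_identity_fields(html):
    """Return [(field, value)] for identity fields served already filled in."""
    parser = _InputCollector()
    parser.feed(html)
    parser.close()
    return parser.found


# Constructed sample responses, as served to a visitor who never commented.
CLEAN_FORM = """<form id="comment-form">
<input type="text" name="author" value="">
<input type="text" name="email" value="">
<input type="hidden" name="token" value="3f9a1c">
<input type="submit" name="submit" value="Submit comment"></form>"""
LEAKING_FORM = CLEAN_FORM.replace(
    'name="author" value=""', 'name="author" value="Visitor B"').replace(
    'name="email" value=""', 'name="email" value="visitor.b@example.com"')

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_FORM), ("leaking", LEAKING_FORM)):
        print(label, prefilled_identity_fields(page))
```

Run it against the page as fetched by a client with no cookies right after a test comment has been posted from a different session; any non-empty result means the form is exposing another visitor's details.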


5 Answers

1

idk75 answered

Any news on this from the Yoo support team? It's a serious data protection breach and we need this sorted ASAP please. Thanks.


0

mustaq (Support) answered

I cannot find your frontend login, can you direct me to it?


Update:

I do not see any comments or email on the link you posted, that is why I ask.
Which item has the comments active so I can have a look?

YOOgards


0

idk75 answered

Hi Mustaq, there isn't one, I gave the info to the backend login in the hidden information.

0

idk75 answered

My bad, we had deactivated the comments function again. It's now switched on again and the link to the page I gave where I tested it should work with comments now. THANKS!!!!

0

syla answered

Is this solved? Because it happens with us also.
Someone just left a comment at our site
and when I watch it I can see the name and email filled in
Name: Peter / email: Peter@xxxx.com
