WeSearch

The Paywall That Wasn't: Debugging a 919-Video Leak on WordPress

·9 min read · 0 reactions · 0 comments · 24 views
#wordpress#security#webdev#php
The Paywall That Wasn't: Debugging a 919-Video Leak on WordPress
TL;DR · WeSearch summary

A WordPress site experienced a bug where paid members could not access on-demand videos, but it was discovered that the paywall was not protecting the content at all. The issue was caused by a misconfiguration between WishList Member and All-in-One Video Gallery, resulting in 919 videos being publicly accessible. The problem was resolved by implementing a server-side gate before rendering the content.

Key facts
Original article
DEV.to (Top)
Read full at DEV.to (Top) →
Opening excerpt (first ~120 words) tap to expand

try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 126345) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Vicente G. Reyes Posted on Jun 30 • Originally published at vicentereyes.org The Paywall That Wasn't: Debugging a 919-Video Leak on WordPress #wordpress #security #webdev #php The ticket was three sentences long: "Some paid members can't play the on-demand videos. They log in, click a video, and still get told they need a membership. Can you fix it tonight?" I fixed it tonight.

Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from DEV.to (Top)