[wp-trac] [WordPress Trac] #16997: XSS bug(QuickPress title)

WordPress Trac wp-trac at lists.automattic.com
Wed Mar 30 02:20:41 UTC 2011

#16997: XSS bug(QuickPress title)
 Reporter:  apr_inoue     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.1
 Severity:  normal        |  Resolution:
 Keywords:                |

Comment (by dd32):

 I'd just like to direct you to our published guidelines on how to report
 security issues:

 If you could send an email through to security at wordpress.org with the
 exact details, we can investigate the claims.

 However, I'd like to mention that it's by design that users (with the
 unfiltered_html capability) can by default include HTML in their post

Ticket URL: <http://core.trac.wordpress.org/ticket/16997#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list