[wp-trac] [WordPress Trac] #28610: Persistent XSS and CSRF on wordpress 3.9.1
WordPress Trac
noreply at wordpress.org
Sat Jun 21 15:54:54 UTC 2014
#28610: Persistent XSS and CSRF on wordpress 3.9.1
---------------------------+----------------------
Reporter: avinash_thapa | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 3.9.1
Severity: normal | Resolution: invalid
Keywords: | Focuses:
---------------------------+----------------------
Changes (by ocean90):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
When creating this ticket, was "Do not report potential security
vulnerabilities here. See the Security FAQ and contact
security at wordpress.org." not noticeable? Honest question. If you have
JavaScript enabled, you additionally would have needed to click a checkbox
affirming "I am not reporting a security issue — report security issues to
security at wordpress.org".
----
Your report is invalid. Please read
https://codex.wordpress.org/Roles_and_Capabilities#unfiltered_html
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28610#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list