[wp-trac] [WordPress Trac] #43021: Menu item titles allow arbitrary HTML and script tags
WordPress Trac
noreply at wordpress.org
Thu Jan 4 17:59:40 UTC 2018
#43021: Menu item titles allow arbitrary HTML and script tags
--------------------------+-----------------------------
 Reporter:  foobuilder    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Menus         |    Version:  4.9.1
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
WordPress allows menu titles to contain arbitrary HTML and script tags. It
looks like the titles are not sanitized to remove unsafe HTML when saved,
and then not escaped on output. Screenshots attached.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43021>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform