[wp-trac] [WordPress Trac] #57465: WordPress AJAX Vulnerability
WordPress Trac
noreply at wordpress.org
Sun Jan 15 00:47:33 UTC 2023
#57465: WordPress AJAX Vulnerability
---------------------------+----------------------
 Reporter:  allalbenaissa  |       Owner:  (none)
     Type:  defect (bug)   |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  General        |     Version:  6.1.1
 Severity:  normal         |  Resolution:  invalid
 Keywords:                 |     Focuses:
---------------------------+----------------------
Changes (by johnbillion):

 * status: new => closed
 * resolution: => invalid
 * milestone: Awaiting Review =>

Comment:

 @allalbenaissa Thank you for your interest in keeping WordPress secure,
 however:

 1. When you opened this ticket did you not read the message and check the
 checkbox which says "I am not reporting a security issue"? This is a
 public bug tracker.

 2. Have you actually tested this code? This report seems like conjecture
 because your example code does not result in anything being passed to
 `eval()` and non-default actions need a corresponding handler to be
 registered in code. Please, test fully and be more careful in the future
 about security reports.

 3. If you still believe this is a valid report, please report it to
 [https://hackerone.com/wordpress the WordPress HackerOne program] instead.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/57465#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform