[wp-trac] [WordPress Trac] #3516: XSS in plugins.php
WordPress Trac
noreply at wordpress.org
Mon Feb 12 05:46:50 UTC 2024
#3516: XSS in plugins.php
--------------------------+------------------------
 Reporter:  xknown        |       Owner:  (none)
     Type:  defect (bug)  |      Status:  closed
 Priority:  high          |   Milestone:
Component:  Security      |     Version:
 Severity:  major         |  Resolution:  duplicate
 Keywords:                |     Focuses:
--------------------------+------------------------
Comment (by mokhtariaukprn2):
It seems there is a vulnerability in the plugins.php file where the
metadata of plugins is not properly validated, allowing for XSS injection
through fields like Plugin Name, Version, Plugin URI, Author, and Author
URI. This vulnerability even affects inactive plugins, which ideally
shouldn't have any impact. Administrators should exercise caution and
ensure that plugins are from trusted sources.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/3516#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
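
The comment above concerns plugin header fields being printed into the admin plugin list without validation. As an added example (not WordPress core code and not part of the ticket), this stand-alone PHP sketch reads those five fields from a constructed plugin header and renders a table row with context-appropriate escaping; the helper names `read_plugin_headers`, `h`, `safe_url`, `linked` and `render_row` are hypothetical, and inside WordPress the equivalent output helpers are `esc_html()` and `esc_url()`.

```php
<?php
// Constructed sample: a plugin header as an untrusted plugin file could carry it.
$plugin_file = <<<'EOT'
<?php
/*
Plugin Name: Gallery <script>alert(1)</script>
Version: 1.0"><b>x</b>
Plugin URI: javascript:alert(1)
Author: Example Author
Author URI: https://example.org/?a=1&b=2
*/
EOT;

// Hypothetical helper: extract the header fields named in the ticket comment.
function read_plugin_headers(string $source): array {
    $fields = ['Plugin Name', 'Version', 'Plugin URI', 'Author', 'Author URI'];
    $out = [];
    foreach ($fields as $field) {
        $pattern = '/^[ \t\/*#@]*' . preg_quote($field, '/') . ':(.*)$/mi';
        $out[$field] = preg_match($pattern, $source, $m) ? trim($m[1]) : '';
    }
    return $out;
}

// Escape a value for HTML text and quoted-attribute context.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allowlist http(s) only; any other scheme (or none) yields an empty string.
function safe_url(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Link the text only when the URL passed the allowlist; escape both parts.
function linked(string $text, string $url): string {
    $url = safe_url($url);
    return $url === '' ? h($text) : '<a href="' . h($url) . '">' . h($text) . '</a>';
}

function render_row(array $p): string {
    return '<tr><td>' . linked($p['Plugin Name'], $p['Plugin URI']) . '</td><td>'
        . h($p['Version']) . '</td><td>'
        . linked($p['Author'], $p['Author URI']) . "</td></tr>\n";
}

echo render_row(read_plugin_headers($plugin_file));
```

Because escaping happens at output time, the row is safe to render whether or not the plugin is active, which is the case the comment calls out.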