[wp-trac] [WordPress Trac] #60598: Cross-site Scripting (XSS) in wordpress core files
WordPress Trac
noreply at wordpress.org
Thu Feb 22 09:27:49 UTC 2024
#60598: Cross-site Scripting (XSS) in wordpress core files
--------------------------+-----------------------------
Reporter: savannahj | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.1.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
When scanning with the Snyk tool, I get the following vulnerability reported in
multiple WordPress core files.
Example 1
Cross-site Scripting (XSS) in /wp-includes/user.php
{{{#!php
<?php
function get_users( $args = array() ) {
	$args                = wp_parse_args( $args );
	$args['count_total'] = false;

	$user_search = new WP_User_Query( $args );

	return (array) $user_search->get_results();
}
}}}
Here $args is not sanitized.
Example 2
Cross-site Scripting (XSS) in wp-admin/includes/template.php
{{{#!php
<?php
	// Then the rest of them.
	$output .= $walker->walk( $categories, 0, $args );

	if ( $parsed_args['echo'] ) {
		echo $output;
	}

	return $output;
}}}
Here $output is not sanitized.
**Unsanitized input from an HTTP parameter flows into the echo statement,
where it is used to render an HTML page returned to the user. This may
result in a Cross-Site Scripting attack (XSS).**
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60598>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac mailing list
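Escaping at the output sink, which is what the scanner's "flows into the echo statement" message is about, shown as an added standalone PHP example. This is not WordPress core code and not part of the ticket above; `escape_html` and `render_category_list` are hypothetical helpers, and the category names are constructed sample data. WordPress core's own `esc_html()` performs the same `htmlspecialchars()`-based escaping for the common case.

```php
<?php
// Added example (not WordPress core code): escaping data at the point it is
// written into HTML. Runs with plain PHP; no WordPress functions are used.

/**
 * Escape a string for inclusion in an HTML text node or quoted attribute.
 * Assumed helper; core's esc_html() does the equivalent for this case.
 */
function escape_html( string $text ): string {
	return htmlspecialchars( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}

/**
 * Render category names as an HTML <ul>.
 * With $escape = false this reproduces the pattern a scanner flags: values are
 * concatenated into $output and echoed without escaping at the sink. With
 * $escape = true every data value is escaped where it enters the markup.
 */
function render_category_list( array $categories, bool $escape = true ): string {
	$output = "<ul class=\"categories\">\n";
	foreach ( $categories as $slug => $name ) {
		$href  = '/category/' . $slug;
		$label = $escape ? escape_html( $name ) : $name;
		$attr  = $escape ? escape_html( $href ) : $href;
		$output .= "\t<li><a href=\"{$attr}\">{$label}</a></li>\n";
	}
	$output .= "</ul>\n";
	return $output;
}

/**
 * Reviewer check: does any '<' in the rendered page come from the data rather
 * than from the template? Returns the offending values, empty if none.
 */
function markup_leaked_from_data( string $rendered, array $categories ): array {
	$leaked = array();
	foreach ( $categories as $name ) {
		if ( strpos( $name, '<' ) !== false && strpos( $rendered, $name ) !== false ) {
			$leaked[] = $name;
		}
	}
	return $leaked;
}

// Constructed sample input: one ordinary category and one whose name carries
// markup, standing in for a value that originated in an HTTP parameter.
$categories = array(
	'news'      => 'News',
	'untrusted' => 'Gadgets <script>alert(1)</script>',
);

$unescaped = render_category_list( $categories, false );
$escaped   = render_category_list( $categories, true );

echo "Unescaped output (data markup reaches the browser):\n", $unescaped, "\n";
echo "Escaped output (data rendered as text):\n", $escaped, "\n";

echo 'Leaked from data, unescaped: ', count( markup_leaked_from_data( $unescaped, $categories ) ), "\n";
echo 'Leaked from data, escaped:   ', count( markup_leaked_from_data( $escaped, $categories ) ), "\n";
```

The second call to `markup_leaked_from_data` reports zero because `htmlspecialchars()` turns the `<` and `>` of the data into `&lt;` and `&gt;`, so the browser shows the category name literally instead of parsing it. The same reasoning applies to the ticket's examples: whether `get_users()` or `$walker->walk()` is a finding depends on whether the values they return are escaped at the `echo` that finally emits them, not on whether `$args` or `$output` is "sanitized" as a variable.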