[wp-trac] [WordPress Trac] #28610: Persistent XSS and CSRF on wordpress 3.9.1

WordPress Trac noreply at wordpress.org
Sat Jun 21 15:46:37 UTC 2014

#28610: Persistent XSS and CSRF on wordpress 3.9.1
 Reporter:  avinash_thapa  |      Owner:
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  General        |    Version:  3.9.1
 Severity:  normal         |   Keywords:
  Focuses:                 |
 As you release the new version of wordpress 3.9.1.
 It consists of multiple vulnerabilities i.e Persistent XSS and CSRF.
 This is present in the comment box.
 An attaker can easily put the simple xss vector and able to create the XSS
 It is a critical Vulenrability as it is stored.

Ticket URL: <https://core.trac.wordpress.org/ticket/28610>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list