[wp-trac] [WordPress Trac] #32869: XSS Problem on Wordpress 4
WordPress Trac
noreply at wordpress.org
Fri Jul 3 05:40:16 UTC 2015
#32869: XSS Problem on Wordpress 4
--------------------------+-------------------------
Reporter: MohsineBen | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses: javascript
--------------------------+-------------------------
Changes (by netweb):
* status: new => closed
* resolution: => invalid
* version: 4.0 =>
* component: General => Security
* milestone: Awaiting Review =>
Comment:
There were two notices you would have seen when posting this ticket:
{{{
Do not report potential security vulnerabilities here.
See the Security FAQ and contact security at wordpress.org.
}}}
And after typing the text you would've had to have checked the checkbox of
the following to proceed:
{{{
I am not reporting a security issue — report security issues to
security at wordpress.org
}}}
Yet you continued to post here anyway, quite disappointing :(
It looks like the theme in use isn’t escaping the search term properly,
and that WordPress 4.3+ pre-escapes the search term to potentially avoid
some of those cases, see https://core.trac.wordpress.org/ticket/32142
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32869#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform