[wp-trac] [WordPress Trac] #42964: Vuln Javascript with admin
WordPress Trac
noreply at wordpress.org
Fri Dec 22 06:55:18 UTC 2017
#42964: Vuln Javascript with admin
--------------------------+-----------------------------
 Reporter:  trungnd51     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.9.1
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
Hi
I have read this:
https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html
It says that I can disallow unfiltered HTML for all users, including
administrators.
But an admin can still post XSS in a comment.
Is this a bug?
[[Image(https://imgur.com/okS89Lr)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42964>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform