[wp-trac] [WordPress Trac] #41090: XSS via title and body in three default themes

WordPress Trac noreply at wordpress.org
Sat Jun 17 21:54:16 UTC 2017

#41090: XSS via title and body in three default themes
 Reporter:  rudr4sarkar   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Themes        |     Version:  4.8
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:  template

Comment (by voldemortensen):

 First of all, this is not the proper place to report security issues.
 There was a big, giant warning you had to click through to post this.
 https://hackerone.com/wordpress is the proper place.

 Second, it's likely that this is just the fact you created the post as a
 user that has the `unfiltered_html` capability. Please verify this is not
 due to `unfiltered_html` and then report it in the proper place. I will be
 deleting this ticket shortly.

Ticket URL: <https://core.trac.wordpress.org/ticket/41090#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform