[wp-trac] [WordPress Trac] #44303: Cross Site Scripting (XSS) Vunerability in WordPress 4.9.6
WordPress Trac
noreply at wordpress.org
Mon Jun 4 09:33:50 UTC 2018
#44303: Cross Site Scripting (XSS) Vunerability in WordPress 4.9.6
--------------------------+---------------------------------------
Reporter: cakmbengue | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 4.9.6
Severity: critical | Keywords: needs-testing needs-patch
Focuses: javascript |
--------------------------+---------------------------------------
The vulnerability is at the comment level of the articles. The "editor"
profile is required. Please see the link of the Proof Of Concept.
Lien: [https://www.dakarhacking.com/demo/wp496/2018/06/03/bulletin-de-ce-
weekend].
Dakar Hacking POC by Cheikh Abdel Khadre MBENGUE
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44303>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list