[wp-trac] [WordPress Trac] #43535: sql injection via ajax function

WordPress Trac noreply at wordpress.org
Tue Mar 13 07:24:31 UTC 2018


#43535: sql injection via ajax function
--------------------------+------------------------------
 Reporter:  shinaku       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  4.9.4
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:  javascript
--------------------------+------------------------------

Comment (by dd32):

 Hi @shinaku

 As you were redirected to
 https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/
 already, I'll assume you've read the text there of where to submit security
 issues (hint: not here) (And clicked the checkbox here that says you're not
 reporting a security issue) I'll spare the usual boilerplate.

 This is not a vulnerability in WordPress. The `block_click` action handler
 is added by a plugin or theme, and I'm unable to determine which plugin is
 responsible for it.

 You'll need to check your installation to find the vulnerable plugin or
 theme. If the plugin is verified as hosted on WordPress.org you can
 follow the directions available here:
 https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43535#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
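
One way to carry out the check suggested in the comment above and find which plugin or theme registers the `block_click` AJAX action. This is an added example, not code from the ticket or from WordPress; the function names, the default `wp-content` layout and the sample tree (`example-tracker`, `example-theme`) are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find which plugin or theme registers an admin-ajax.php action.
# WordPress routes AJAX actions through the hooks wp_ajax_<action> (logged-in
# users) and wp_ajax_nopriv_<action> (unauthenticated visitors).

find_ajax_handler() {
    action="$1"            # e.g. block_click (assumed to contain only [A-Za-z0-9_-])
    content_dir="${2%/}"   # path to wp-content, trailing slash removed

    # Require a closing quote after the name so block_click_stats does not match.
    grep -rnE --include='*.php' "wp_ajax_(nopriv_)?${action}['\"]" "$content_dir" 2>/dev/null |
    while IFS=: read -r file line text; do
        rel="${file#"$content_dir"/}"   # plugins/<slug>/file.php
        kind="${rel%%/*}"               # plugins, themes, mu-plugins
        rest="${rel#*/}"
        owner="${rest%%/*}"             # plugin or theme directory
        case "$text" in
            *wp_ajax_nopriv_*) reach="unauthenticated" ;;
            *)                 reach="logged-in" ;;
        esac
        printf '%s\t%s\t%s\t%s:%s\n' "$kind" "$owner" "$reach" "$rel" "$line"
    done | sort
}

# Constructed sample tree (not from the ticket): one plugin registering the
# action, one theme registering a similarly named action that must not match.
make_sample_tree() {
    root="$(mktemp -d)"
    mkdir -p "$root/wp-content/plugins/example-tracker" "$root/wp-content/themes/example-theme"
    cat > "$root/wp-content/plugins/example-tracker/tracker.php" <<'EOF'
<?php
add_action( 'wp_ajax_block_click', 'et_block_click' );
add_action( 'wp_ajax_nopriv_block_click', 'et_block_click' );
EOF
    cat > "$root/wp-content/themes/example-theme/functions.php" <<'EOF'
<?php
add_action( 'wp_ajax_block_click_stats', 'theme_stats' );
EOF
    printf '%s\n' "$root"
}

sample="$(make_sample_tree)"
find_ajax_handler block_click "$sample/wp-content"
rm -rf "$sample"
```

A hook name assembled at runtime (for example by concatenating a variable onto `'wp_ajax_'`) will not be found by this literal search and needs a manual review of the `add_action` calls.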

