[wp-trac] [WordPress Trac] #47907: Stored XSS
WordPress Trac
noreply at wordpress.org
Tue Aug 20 20:14:42 UTC 2019
#47907: Stored XSS
--------------------------+---------------------------------
 Reporter:  rohit001      |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  5.2.2
 Severity:  major         |  Resolution:
 Keywords:  close         |     Focuses:  ui, administration
--------------------------+---------------------------------
Comment (by williampatton):
Hey @rohit001,

Were you still logged in when you commented? Admin-level users have the
capability to post contents with unfiltered HTML code in them, but other
users have filters applied to their submissions to escape and/or strip
things that shouldn't be there to mitigate these XSS possibilities.

Could you try it while logged out as well and see if there is any change?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47907#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
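
The distinction drawn in the comment above can be checked on a test site. The following is an added example, not part of the original message and not WordPress core code: it reports which accounts hold the `unfiltered_html` capability and what the KSES filters leave of a constructed sample string for everyone else. The helper name `triage_unfiltered_html()` and the file name are hypothetical; the script assumes it runs inside a loaded WordPress install, for example with WP-CLI's `wp eval-file`.

```php
<?php
// Added example (not WordPress core code). Run inside a loaded WordPress
// install, e.g.: wp eval-file triage-unfiltered-html.php

/**
 * Hypothetical helper: report whether a user's submissions bypass KSES
 * and what the filtered form of some markup would be for other users.
 */
function triage_unfiltered_html( $user_id, $markup ) {
	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return new WP_Error( 'no_user', 'Unknown user ID ' . (int) $user_id );
	}

	return array(
		'login'           => $user->user_login,
		'roles'           => $user->roles,
		// Held by administrators and editors on a default single site. On
		// multisite only super admins pass this check, and defining
		// DISALLOW_UNFILTERED_HTML as true denies it to everyone.
		'unfiltered_html' => user_can( $user, 'unfiltered_html' ),
		// Post-content allow-list, applied to users without the capability.
		'as_post'         => wp_kses_post( $markup ),
		// Default (comment) allow-list, the stricter $allowedtags set.
		'as_comment'      => wp_kses( $markup, 'data' ),
	);
}

// Constructed sample input: an event-handler attribute and a script element.
$sample = '<p onclick="alert(1)">hello</p><script>alert(1)</script>';

foreach ( get_users( array( 'fields' => 'ID' ) ) as $id ) {
	$report = triage_unfiltered_html( (int) $id, $sample );
	if ( is_wp_error( $report ) ) {
		continue;
	}
	printf(
		"%-20s roles=%-24s unfiltered_html=%s\n  post:    %s\n  comment: %s\n",
		$report['login'],
		implode( ',', $report['roles'] ),
		$report['unfiltered_html'] ? 'yes' : 'no',
		$report['as_post'],
		$report['as_comment']
	);
}
```

If the reporting account shows `unfiltered_html=yes`, markup surviving in its own submissions is expected behaviour; the report only describes a filter bypass if the same input survives for an account that shows `no`.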