[wp-trac] [WordPress Trac] #48164: XSS STORE IN THEME BY WORDPRESS
WordPress Trac
noreply at wordpress.org
Sat Sep 28 14:18:18 UTC 2019
#48164: XSS STORE IN THEME BY WORDPRESS
------------------------------------------+-----------------------------
Reporter: dianguc38 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version: 5.2.3
Severity: normal | Keywords:
Focuses: javascript, coding-standards |
------------------------------------------+-----------------------------
With version 5.2.3 from framework wordpress. I researching in three theme
Twenty Nineteen, Twenty Sixteen,Twenty Seventeen develop by the WordPress
team . I found some vulnerable XSS STORE in themes. This is field triger
bug XSS is Homepage-setting include input "name Homepage",Posts page and
field Theme Options include input "Front Page Section 1 Content","Front
Page Section 2 Content","Front Page Section 3 Content","Front Page Section
4 Content" .
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48164>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list