[wp-trac] [WordPress Trac] #48164: XSS STORE IN THEME BY WORDPRESS

WordPress Trac noreply at wordpress.org
Sat Sep 28 14:18:18 UTC 2019


#48164: XSS STORE IN THEME BY WORDPRESS
------------------------------------------+-----------------------------
 Reporter:  dianguc38                     |      Owner:  (none)
     Type:  defect (bug)                  |     Status:  new
 Priority:  normal                        |  Milestone:  Awaiting Review
Component:  Themes                        |    Version:  5.2.3
 Severity:  normal                        |   Keywords:
  Focuses:  javascript, coding-standards  |
------------------------------------------+-----------------------------
 With version 5.2.3 of the WordPress framework, I was researching three
 themes, Twenty Nineteen, Twenty Sixteen, and Twenty Seventeen, developed by
 the WordPress team. I found some stored XSS vulnerabilities in the themes.
 The fields that trigger the XSS bug are in Homepage Settings, including the
 inputs "name Homepage" and Posts page, and in Theme Options, including the
 inputs "Front Page Section 1 Content", "Front Page Section 2 Content",
 "Front Page Section 3 Content", and "Front Page Section 4 Content".

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48164>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

