[wp-trac] [WordPress Trac] #50308: CSS Customizer control field - vulnerabilty against hacks prevention
WordPress Trac
noreply at wordpress.org
Wed Jun 3 08:10:04 UTC 2020
#50308: CSS Customizer control field - vulnerabilty against hacks prevention
-------------------------+------------------------------
Reporter: marcorinia | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.4.1
Severity: normal | Resolution:
Keywords: close | Focuses:
-------------------------+------------------------------
Changes (by audrasjb):
* keywords: => close
* focuses: javascript, css, coding-standards =>
* severity: major => normal
Comment:
Hi @marcorinia and welcome to WordPress Trac,
Custom CSS inputs are already tested, you should not be able to use JS
scripts in this field and PHP snippets aren’t executed.
Also, please note that security issues should be reported on WordPress
security program, not on WordPress Trac (there was a message about that
when you submitted your ticket).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50308#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list