[wp-trac] [WordPress Trac] #50308: CSS Customizer control field - vulnerabilty against hacks prevention
WordPress Trac
noreply at wordpress.org
Wed Jun 3 20:42:02 UTC 2020
#50308: CSS Customizer control field - vulnerabilty against hacks prevention
-------------------------+------------------------------
Reporter: marcorinia | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.4.1
Severity: normal | Resolution:
Keywords: close | Focuses:
-------------------------+------------------------------
Comment (by marcorinia):
Replying to [comment:1 audrasjb]:
> Hi @marcorinia and welcome to WordPress Trac,
>
> Custom CSS inputs are already tested, you should not be able to use JS
scripts in this field and PHP snippets aren’t executed.
>
> Also, please note that security issues should be reported on WordPress
security program, not on WordPress Trac (there was a message about that
when you submitted your ticket).
Hi @audrasjb ,
Thank you for responding very fast and youre clear explaination.
I didn't understand where and how to submit a ticket at the WP security
program. That's why i submitted it here. Sorry for that.
Greetings,
Marco
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50308#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list