[wp-trac] [WordPress Trac] #53020: Stored XSS via «View details» plugin iFrame

WordPress Trac noreply at wordpress.org
Mon Apr 12 17:06:19 UTC 2021

#53020: Stored XSS via «View details» plugin iFrame
 Reporter:  m0ze          |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  5.8
Component:  Security      |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:  administration
Changes (by SergeyBiryukov):

 * milestone:  Awaiting Review => 5.8


 Hi there, welcome to WordPress Trac! Thanks for the report.

 I think we'd want to use `esc_html()` here instead of `strip_tags()`, for
 consistency with how contributor names are [source:tags/5.7/src/wp-
 admin/includes/plugin-install.php?marks=781#L771 escaped earlier]. Looks
 good to me otherwise.

Ticket URL: <https://core.trac.wordpress.org/ticket/53020#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list