[wp-trac] [WordPress Trac] #53020: Stored XSS via «View details» plugin iFrame

WordPress Trac noreply at wordpress.org
Mon Apr 12 18:31:42 UTC 2021

#53020: Stored XSS via «View details» plugin iFrame
 Reporter:  m0ze          |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  5.8
Component:  Security      |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:  administration

Comment (by m0ze):

 @SergeyBiryukov hi there. Thank you :)

 > I think we'd want to use esc_html() here instead of strip_tags(), for
 consistency with how contributor names are escaped earlier​.

 Yep, got it!

Ticket URL: <https://core.trac.wordpress.org/ticket/53020#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list