[wp-trac] [WordPress Trac] #53973: WordPress <= 5.8 - Authenticated Persistent XSS (User role name)
WordPress Trac
noreply at wordpress.org
Tue Aug 24 11:54:18 UTC 2021
#53973: WordPress <= 5.8 - Authenticated Persistent XSS (User role name)
--------------------------+------------------------------
Reporter: visse | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: close | Focuses: administration
--------------------------+------------------------------
Changes (by TobiasBg):
* keywords: needs-patch => close
Comment:
It looks like this requires PHP code access in the first place, correct?
If an attacker has that, the site must be considered compromised anyways.
Hardending the `add_role` function as suggested does not help in any way.
The attacked could simply modify the value direct in the database, or use
other functions that store values that are later displayed somewhere and
thus circumvent any input sanitization that is added to these functions.
And even sanitizing everything everywhere (`esc_attr()` and so on) won't
help as e.g. post content can not be protected like that.
Simply said: If an attacker can run arbitrary PHP code on the site, we
can't protect against something like this.
I therefore tend to suggest to close this ticket as invalid, or did I
missing something in the explanation?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53973#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list