[wp-trac] [WordPress Trac] #54893: wp_set_script_translations() accepts and evaluates <script> tag included in JSON
WordPress Trac
noreply at wordpress.org
Tue Jan 25 07:39:34 UTC 2022
#54893: wp_set_script_translations() accepts and evaluates <script> tag included in
JSON
------------------------------+------------------------------
Reporter: Takahashi_Fumiki | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: javascript
------------------------------+------------------------------
Comment (by juliobox):
Ok, but since you have to push a new file in your plugin to let the
exploit live, it sounds like too many steps to be qualified as a vuln.
It's like "open your console and paste this code: (…), hack done!" No, it's
not a vuln.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54893#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform