[wp-trac] [WordPress Trac] #61125: Many strings or URLs lack proper escaping.
WordPress Trac
noreply at wordpress.org
Thu May 2 08:40:19 UTC 2024
#61125: Many strings or URLs lack proper escaping.
------------------------------+-----------------------------
 Reporter:  yagniksangani     |       Owner:  (none)
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  General           |     Version:
 Severity:  major             |    Keywords:  has-patch
  Focuses:  coding-standards  |
------------------------------+-----------------------------
Upon reviewing various strings and URLs within the WordPress core
codebase, it has been noted that many instances lack proper escaping.
This absence of escaping poses a security risk, as it can potentially lead
to vulnerabilities such as cross-site scripting (XSS) attacks. Unescaped
output allows malicious users to inject scripts into web pages viewed by
other users.
For example, you can see it here: \wp-activate.php
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61125>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform