[wp-trac] [WordPress Trac] #62088: Prevent users that don't have unfiltered_html capability from adding code to custom post fields
WordPress Trac
noreply at wordpress.org
Sat Sep 21 11:47:53 UTC 2024
#62088: Prevent users that don't have unfiltered_html capability from adding code
to custom post fields
-------------------------+---------------------------------
Reporter: dartiss | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version:
Severity: normal | Resolution: reported-upstream
Keywords: | Focuses: ui, administration
-------------------------+---------------------------------
Changes (by dartiss):
* status: new => closed
* resolution: => reported-upstream
Comment:
I'm closing this off, as I've been able to sufficiently dig into this to
believe it's a security vulnerability . I have therefore reported it to
HackerOne.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62088#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list