[wp-trac] [WordPress Trac] #62869: Malicious PDF Execution via Media Library
WordPress Trac
noreply at wordpress.org
Mon Jan 27 11:06:28 UTC 2025
#62869: Malicious PDF Execution via Media Library
--------------------------+----------------------
 Reporter:  deepench      |       Owner:  (none)
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  6.7.1
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:
--------------------------+----------------------
Changes (by johnbillion):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
@deepench Please be more careful with your reports in the future. When you
opened this ticket you specifically had to check a checkbox that says "I
am not reporting a security issue".
[http://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/ More info here].

In your screenshot I can see you're viewing the PDF file directly in your
browser. PDF files containing JavaScript run in a sandbox mode in
browsers, so they don't have access to cookies or the DOM. If you view the
PDF in the WordPress media manager then you'll only see a screenshot, not
the rendered PDF.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62869#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform