Make WordPress Core

{1} All Tickets (8345 matches)

Create a new ticket
  • All active tickets
  • Sort by component, type, summary
  • Accepted tickets have an '*' appended to their owner's name

Results (6701 - 6800 of 8345)

Security (83 matches)

Ticket Summary Owner Workflow Priority Severity Milestone Type Modified Comments
#58636 Automatic Sanitization of Nonces in wp_verify_nonce normal normal Awaiting Review enhancement 06/26/2023
#56785 Automatically catch potential security issues before release normal normal Awaiting Review enhancement 10/11/2022
#53296 Do trim $hook_name within add_action() and add_filter() function has-patch normal normal Awaiting Review enhancement 05/29/2021
#62055 Put index.php into Public folder on the root directory normal normal Awaiting Review enhancement 09/16/2024
#57424 Specific hook for Content Security Policy normal normal Awaiting Review enhancement 01/05/2023
#54512 Suggestion for file protection normal normal Awaiting Review enhancement 11/25/2021
#61706 Support for storing and getting encrypted options normal normal Awaiting Review enhancement 07/19/2024
#52388 Use HTTPS URL already during installation if supported needs-unit-tests normal normal Future Release enhancement 01/28/2021
#54280 wp_verify_nonce should return a filter normal normal Awaiting Review enhancement 10/17/2021
#60994 Github bot detected some high risk security issue in npm packages. normal normal Awaiting Review defect (bug) 04/11/2024 1
#41391 Links to media in password protected pages normal normal Awaiting Review defect (bug) 07/24/2017 1
#53618 Nonce use for AJAX calls interferes with page caching normal normal Awaiting Review defect (bug) 07/07/2021 1
#59355 TypeError: Cannot read properties of undefined (reading 'hasClass') in wp-auth-check.min.js normal normal Awaiting Review defect (bug) 09/15/2023 1
#57882 User that has capability to create user can make only administrator. reporter-feedback normal normal Awaiting Review defect (bug) 03/07/2023 1
#34852 fix broken re-auth loop (due to expired session) normal normal Awaiting Review defect (bug) 06/04/2019 1
#56521 wp_kses wp_kses_hair fails to allow a valueless attribute when is follwed by / has-patch normal major Awaiting Review defect (bug) 09/06/2022 1
#38260 A FORCE_SSL_CANONICAL constant normal normal Awaiting Review enhancement 06/04/2019 1
#38259 A FORCE_SSL_CONTENT constant normal normal Awaiting Review enhancement 06/04/2019 1
#60824 Add filters to to wp_verify_nonce() has-patch normal normal Awaiting Review enhancement 03/22/2024 1
#57875 Add password strength meter for password protected content normal normal Future Release enhancement 06/01/2023 1
#51611 Escape echoing Core functions normal normal Awaiting Review enhancement 10/24/2020 1
#43215 Allow wp_kses to pass allowed CSS properties normal normal Awaiting Review feature request 10/06/2024 1
#55950 FIDO passwordless authentication? normal minor Awaiting Review feature request 06/08/2022 1
#50613 disable update for themes e plugin normal normal Awaiting Review feature request 07/09/2020 1
#61942 Add "no-store" to Cache-Control header to prevent unexpected cache behavior normal normal Awaiting Review defect (bug) 08/30/2024 2
#44637 Escape strings in wp-admin/themes.php reporter-feedback normal normal Awaiting Review defect (bug) 06/07/2021 2
#58900 Escaping: Output String did not run through a proper escaping function close normal normal Awaiting Review defect (bug) 12/08/2023 2
#37559 Password protected pages require the password only once normal normal Awaiting Review defect (bug) 06/04/2019 2
#61711 Password-protected pages lacking appropriate 'Cache-Control' request header normal normal Awaiting Review defect (bug) 09/03/2024 2
#60347 wp_kses breaking text fragments links normal normal Awaiting Review defect (bug) 06/21/2024 2
#37670 wp_validate_redirect fails when running WordPress on a port reporter-feedback normal normal Awaiting Review defect (bug) 06/04/2019 2
#38261 A FORCE_SSL_SCRIPTS constant normal normal Awaiting Review enhancement 06/04/2019 2
#39656 Create a submenu item under About admin bar for security normal normal Awaiting Review enhancement 01/23/2017 2
#43320 Harden API requests against man-in-the-middle attacks low minor Awaiting Review enhancement 02/18/2018 2
#51159 Let's expand our context specific escaping methods for wp_json_encode(). normal normal Awaiting Review enhancement 05/09/2024 2
#58765 the_block_template_skip_link() - XSS vulnerability - Apply FIX has-patch normal normal Awaiting Review enhancement 07/08/2023 2
#61322 HTTPOnly attribute for WP Test Cookies has-patch normal major Awaiting Review feature request 08/29/2024 2
#38536 Hook/Function to Set Content-Security-Policy normal normal Awaiting Review feature request 06/04/2019 2
#55228 Provide Option to Remove Password Visibility Button and Dashicons from WordPress' Login Form close normal normal Awaiting Review feature request 02/25/2022 2
#53869 Post type / Taxonomy Label Hardening: Prevent Raw HTML tags in output / Media Library eval of HTML entities in label has-patch normal normal Awaiting Review defect (bug) 08/04/2021 3
#53019 The _sanitize_text_fields function removing the octets that incorrectly work with Arabic RTL languages. normal normal Awaiting Review defect (bug) 03/14/2023 3
#58916 Wrong User Password Reset normal normal Awaiting Review defect (bug) 07/29/2023 3
#44058 Include security sniffs in PHPCS ruleset normal normal Future Release enhancement 05/16/2018 3
#36087 Migration plan from insecure RNG fallback normal normal Future Release enhancement 09/30/2020 3
#29429 Support frame-ancestors directive over X-Frame-Options dev-feedback normal normal Future Release enhancement 07/29/2019 3
#38262 Task: Opt in SSL Improvements normal normal Awaiting Review enhancement 02/05/2020 3
#60470 Use `filter_input` instead of superglobals where possible normal normal Awaiting Review enhancement 02/09/2024 3
#56335 use hash_equals to check password hash close normal trivial Awaiting Review enhancement 10/12/2022 3
#55514 2FA by default for WordPress normal normal Awaiting Review feature request 03/06/2023 3
#61640 Issues in edit_link Function: Inconsistent Return Values, Insufficient Permission Error Handling, and Data Sanitization has-patch normal major Awaiting Review defect (bug) 07/31/2024 4
#60864 URL sanitizing strips valid characters instead of encoding, documented use is invalid has-patch normal normal Awaiting Review defect (bug) 04/03/2024 4
#62005 Enhance wp_hash function to support custom hashing algorithms has-patch normal normal Awaiting Review enhancement 09/25/2024 4
#51438 Use CSP directive upgrade-insecure-requests when using HTTPS needs-unit-tests normal normal Future Release enhancement 11/09/2021 4
#53902 Automating the creation of inline javascript and inline stylesheet nonces or hashes normal normal Awaiting Review feature request 07/03/2024 4
#34041 Tying nonces to sessions breaks when users are switched normal major Future Release defect (bug) 06/04/2019 5
#50510 Improve security of wp_nonce implementation dev-feedback normal normal Awaiting Review enhancement 07/11/2023 5
#37604 'Password Lost/Changed' emails should give indication of the strength of the new password dev-feedback normal normal Future Release feature request 04/09/2018 5
#60090 Double login with cloned wordpress instance normal major Awaiting Review defect (bug) 12/22/2023 6
#31686 wp_authenticate_username_password() should check for a WP_Error object reporter-feedback normal normal Awaiting Review defect (bug) 08/06/2019 6
#37757 Add `allowed_classes` to `maybe_unserialize` When WordPress is running on PHP 7+ has-patch normal normal Awaiting Review enhancement 09/13/2017 7
#50437 Add leniency to the overdue check for plugin and theme auto updates normal normal Future Release task (blessed) 07/14/2020 7
#37264 Please do not chmod 666 the wp-config.php file on installation. has-patch normal normal Awaiting Review defect (bug) 03/22/2019 9
#40237 Educate users about modern password best-practices normal normal Awaiting Review enhancement 06/06/2022 9
#53973 WordPress <= 5.8 - Authenticated Persistent XSS (User role name) has-patch normal normal Future Release defect (bug) 06/15/2024 12
#56141 Enhance installer security dev-feedback high major Future Release enhancement 12/31/2023 14
#51407 Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility adamsilverstein dev-feedback normal normal Future Release enhancement 12/26/2023 15
#52544 Removing database tables allows anyone to take over all website files normal major Awaiting Review enhancement 07/05/2022 15
#38474 wp_signups.activation_key stores activation keys in plain text SergeyBiryukov has-patch normal normal Future Release enhancement 04/23/2024 16
#15394 Ancient "Are you sure you want to do this" now confusing dev-feedback normal minor Future Release defect (bug) 05/17/2019 17
#57304 Add SensitiveParameter attribute to DB connection and login variables has-patch normal normal 6.8 enhancement 10/01/2024 17
#23165 Admin validation errors on form nonce element IDs (_wpnonce) has-patch normal normal Awaiting Review enhancement 02/08/2021 17
#50027 Retire Phpass and use PHP native password hashing needs-unit-tests normal normal Awaiting Review defect (bug) 10/13/2023 18
#36177 default htaccess should include security measures normal normal Awaiting Review enhancement 04/12/2024 19
#32067 Remove inline javascript from WP-Core to allow CSP protection normal normal Future Release feature request 06/18/2024 20
#28521 FORCE_SSL constant for really forcing SSL adamsilverstein normal normal Future Release enhancement 06/08/2023 22
#20140 Ask old password to change user password dev-feedback normal major Future Release feature request 07/28/2024 22
#50828 Update ca-bundle.crt and remove expired certificates SergeyBiryukov has-patch normal normal Future Release defect (bug) 11/10/2021 25
#48955 WP 5.3.1 changes cause potential backwards compatibility breakage with kses normal normal Future Release defect (bug) 08/12/2020 28
#16483 Visibility: password-protected exposes multiple pages dev-feedback normal normal Future Release defect (bug) 01/30/2022 33
#30465 Dashboard alert if a plugin/theme was removed from WordPress repo dev-feedback normal normal Future Release feature request 06/19/2024 40
#37000 Support for the SameSite cookie attribute dev-feedback normal normal Future Release enhancement 06/06/2024 45
#43936 Settings: Warn when open registration and new user default is privileged audrasjb* has-patch normal normal 6.8 feature request 10/02/2024 62
#21022 Use bcrypt for password hashing; updating old hashes dev-feedback normal major Future Release enhancement 09/11/2024 131

Shortcodes (17 matches)

Ticket Summary Owner Workflow Priority Severity Milestone Type Modified Comments
#60887 After upgrade to WordPress 6.4.3, do_shortcode no longer works in page templates normal critical Awaiting Review defect (bug) 04/02/2024
#55406 Shortcodes don't work inside srcset attribute normal normal Awaiting Review defect (bug) 04/08/2022
#58397 Shortcodes in patterns are not rendered in templates normal normal Awaiting Review defect (bug) 05/24/2023
#35545 Unexpected behavior of wp.shortcode.regexp normal normal defect (bug) 06/04/2019
#43456 `wp_html_split` <script> normal normal Awaiting Review defect (bug) 03/02/2018
#60200 Search functionality does not search shortcodes normal normal Awaiting Review enhancement 01/06/2024
#35179 playlist shortcode needs an option to not loop normal normal enhancement 06/04/2019
#47984 Filter pre_do_shortcode has-patch normal normal Awaiting Review feature request 09/05/2019
#58469 Changeset 55832 broke shortcodes saved in block attributes and rendered serverside normal normal Awaiting Review defect (bug) 06/07/2023 1
#43725 Multiple instances of opening / closing shortcode only works when closing tag is provided normal normal Future Release defect (bug) 07/16/2020 1
#57790 Parsing of Shortcode Attributes: bug locating a final attribute dev-feedback normal normal Awaiting Review defect (bug) 02/28/2023 1
#34814 Presence of "Less than sign" < adds additional closing shortcode tag. normal normal defect (bug) 06/04/2019 1
#37238 Right-aligned captions with embedded iframes get removed in Visual mode normal normal defect (bug) 04/19/2019 1
#59509 Shortcode attributes named 0 are ignored needs-unit-tests normal normal Awaiting Review defect (bug) 10/04/2023 1
#38713 Shortcodes and utf-8 no-break whitespace (\xc2\xa0) normal normal Awaiting Review defect (bug) 03/25/2019 1
#52567 Shortcodes in separate <p> tags appear on same line in browser normal normal Awaiting Review defect (bug) 05/25/2023 1
#57267 wp_enqueue_style is not working under shortcode reporter-feedback normal normal Awaiting Review defect (bug) 12/15/2022 1
Note: See TracReports for help on using and creating reports.