#60234
|
Script Modules API: Add a translations API
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
02/27/2024
|
#60597
|
Script Modules API: Allow list of enqueued module data to be exposed
|
|
|
normal
|
normal
|
Future Release
|
enhancement
|
09/09/2024
|
#61500
|
Script Modules: Allow scripts to depend on modules
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/25/2024
|
#61771
|
Script Modules: add the importmap's scopes key
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
07/26/2024
|
#36791
|
Set load order when enqueuing scripts and styles
|
|
has-patch
|
normal
|
normal
|
|
enhancement
|
06/04/2019
|
#57548
|
Stop concatenating scripts and stylesheets in wp-admin and retire load-scripts.php and load-styles.php
|
|
|
normal
|
normal
|
Future Release
|
enhancement
|
04/29/2024
|
#43825
|
Style/script loading infrastructure: Etag header as a hash of script/style handles and their corresponding versions
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
01/16/2019
|
#35331
|
Update external Prototype library to 1.7.3
|
|
has-patch
|
normal
|
normal
|
|
enhancement
|
06/04/2019
|
#48880
|
Using JSON.parse instead of an actual object literal when localizing scripts
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
12/06/2019
|
#38800
|
add WP_ADMIN_URL and WP_INCLUDES_URL constants
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
09/29/2017
|
#43781
|
adding apply_filters on $handle in localize
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
04/16/2018
|
#20558
|
allow wp_localize_script data to be added to existing objects
|
|
dev-feedback
|
normal
|
normal
|
|
enhancement
|
06/04/2019
|
#38054
|
class.wp-scripts.php - add_action when init is already doing
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
04/09/2019
|
#40276
|
enhancement: add a $type parameter to wp_add_inline_script()
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
11/08/2021
|
#56425
|
wp_localize_script assign to const and freeze instead of var to avoid reassignments
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
11/08/2022
|
#37162
|
wp_style_add_data and wp_script_add_data should accept SRI information
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
11/14/2018
|
#44211
|
Add cookie domain to `userSettings` script localize
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
feature request
|
10/12/2020
|
#40485
|
Add function for retrieving metadata from registered script
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
feature request
|
06/07/2017
|
#58873
|
Add function to pass variables to scripts
|
|
|
normal
|
normal
|
Awaiting Review
|
feature request
|
07/22/2023
|
#47285
|
Better Management of External Asset Dependencies
|
|
|
normal
|
major
|
Awaiting Review
|
feature request
|
07/24/2024
|
#51124
|
Can we get an additional parameter in wp_add_inline_script to set the script type?
|
audrasjb*
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
feature request
|
11/08/2021
|
#56993
|
I want to put a filter in the wp_enqueue_block_support_styles function.
|
|
|
normal
|
normal
|
Awaiting Review
|
feature request
|
10/25/2023
|
#60647
|
Script Modules: Allow modules to depend on existing WordPress scripts
|
jonsurrell
|
has-patch
|
normal
|
normal
|
6.7
|
feature request
|
06/26/2024
|
#55618
|
combine/concatenate enqueued relative js/css
|
|
|
normal
|
normal
|
Awaiting Review
|
feature request
|
04/25/2022
|
#56141
|
Enhance installer security
|
|
dev-feedback
|
high
|
major
|
Future Release
|
enhancement
|
12/31/2023
|
#43320
|
Harden API requests against man-in-the-middle attacks
|
|
|
low
|
minor
|
Awaiting Review
|
enhancement
|
02/18/2018
|
#61942
|
Add "no-store" to Cache-Control header to prevent unexpected cache behavior
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/30/2024
|
#15394
|
Ancient "Are you sure you want to do this" now confusing
|
|
dev-feedback
|
normal
|
minor
|
Future Release
|
defect (bug)
|
05/17/2019
|
#60090
|
Double login with cloned wordpress instance
|
|
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
12/22/2023
|
#24907
|
Escape admin_url() when used for ajax_url in admin header
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/04/2019
|
#44637
|
Escape strings in wp-admin/themes.php
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/07/2021
|
#58900
|
Escaping: Output String did not run through a proper escaping function
|
|
close
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
12/08/2023
|
#60994
|
Github bot detected some high risk security issue in npm packages.
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/11/2024
|
#61640
|
Issues in edit_link Function: Inconsistent Return Values, Insufficient Permission Error Handling, and Data Sanitization
|
|
has-patch
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
07/31/2024
|
#52333
|
Lack of the : entity on the list of allowed entity names in kses.php
|
|
has-patch
|
normal
|
minor
|
Awaiting Review
|
defect (bug)
|
01/20/2021
|
#41391
|
Links to media in password protected pages
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/24/2017
|
#53618
|
Nonce use for AJAX calls interferes with page caching
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/07/2021
|
#59824
|
PHP Warning raised in pluggable.php when passing NULL instead of a string
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
11/07/2023
|
#37559
|
Password protected pages require the password only once
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/04/2019
|
#61711
|
Password-protected pages lacking appropriate 'Cache-Control' request header
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/03/2024
|
#37264
|
Please do not chmod 666 the wp-config.php file on installation.
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/22/2019
|
#53869
|
Post type / Taxonomy Label Hardening: Prevent Raw HTML tags in output / Media Library eval of HTML entities in label
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/04/2021
|
#53994
|
REST API requests with session cookies but an invalid/missing nonce are considered authenticated for most of the request
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/24/2021
|
#50027
|
Retire Phpass and use PHP native password hashing
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/13/2023
|
#56860
|
Sodium Compat library is improperly loaded
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/20/2022
|
#58771
|
Someone logged onto my WordPress Admin Site, changed the password, and created a User Registration
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/10/2023
|
#53019
|
The _sanitize_text_fields function removing the octets that incorrectly work with Arabic RTL languages.
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/14/2023
|
#34041
|
Tying nonces to sessions breaks when users are switched
|
|
|
normal
|
major
|
Future Release
|
defect (bug)
|
06/04/2019
|
#59355
|
TypeError: Cannot read properties of undefined (reading 'hasClass') in wp-auth-check.min.js
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/15/2023
|
#60864
|
URL sanitizing strips valid characters instead of encoding, documented use is invalid
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/03/2024
|
#50828
|
Update ca-bundle.crt and remove expired certificates
|
SergeyBiryukov
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
11/10/2021
|
#57882
|
User that has capability to create user can make only administrator.
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/07/2023
|
#16483
|
Visibility: password-protected exposes multiple pages
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
01/30/2022
|
#48955
|
WP 5.3.1 changes cause potential backwards compatibility breakage with kses
|
|
|
normal
|
normal
|
Future Release
|
defect (bug)
|
08/12/2020
|
#53973
|
WordPress <= 5.8 - Authenticated Persistent XSS (User role name)
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
06/15/2024
|
#58916
|
Wrong User Password Reset
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/29/2023
|
#34852
|
fix broken re-auth loop (due to expired session)
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/04/2019
|
#58679
|
meta key field in usermeta table should NOT use accent insensitive collations
|
|
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
10/30/2023
|
#57447
|
wp_ajax_inline_save function does not check if post has "public" or "show_ui" enabled
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
01/11/2023
|
#31686
|
wp_authenticate_username_password() should check for a WP_Error object
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/06/2019
|
#60347
|
wp_kses breaking text fragments links
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/21/2024
|
#56521
|
wp_kses wp_kses_hair fails to allow a valueless attribute when is follwed by /
|
|
has-patch
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
09/06/2022
|
#37670
|
wp_validate_redirect fails when running WordPress on a port
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/04/2019
|
#38260
|
A FORCE_SSL_CANONICAL constant
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/04/2019
|
#38259
|
A FORCE_SSL_CONTENT constant
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/04/2019
|
#38261
|
A FORCE_SSL_SCRIPTS constant
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/04/2019
|
#57304
|
Add SensitiveParameter attribute to DB connection and login variables
|
|
has-patch
|
normal
|
normal
|
6.7
|
enhancement
|
07/02/2024
|
#37757
|
Add `allowed_classes` to `maybe_unserialize` When WordPress is running on PHP 7+
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
09/13/2017
|
#60824
|
Add filters to to wp_verify_nonce()
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
03/22/2024
|
#57875
|
Add password strength meter for password protected content
|
|
|
normal
|
normal
|
Future Release
|
enhancement
|
06/01/2023
|
#23165
|
Admin validation errors on form nonce element IDs (_wpnonce)
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
02/08/2021
|
#58636
|
Automatic Sanitization of Nonces in wp_verify_nonce
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/26/2023
|
#56785
|
Automatically catch potential security issues before release
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
10/11/2022
|
#39656
|
Create a submenu item under About admin bar for security
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
01/23/2017
|
#53296
|
Do trim $hook_name within add_action() and add_filter() function
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
05/29/2021
|
#40237
|
Educate users about modern password best-practices
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/06/2022
|
#62005
|
Enhance wp_hash function to support custom hashing algorithms
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
09/08/2024
|
#51611
|
Escape echoing Core functions
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
10/24/2020
|
#28521
|
FORCE_SSL constant for really forcing SSL
|
adamsilverstein
|
|
normal
|
normal
|
Future Release
|
enhancement
|
06/08/2023
|
#50510
|
Improve security of wp_nonce implementation
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
07/11/2023
|
#44058
|
Include security sniffs in PHPCS ruleset
|
|
|
normal
|
normal
|
Future Release
|
enhancement
|
05/16/2018
|
#51159
|
Let's expand our context specific escaping methods for wp_json_encode().
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
05/09/2024
|
#36087
|
Migration plan from insecure RNG fallback
|
|
|
normal
|
normal
|
Future Release
|
enhancement
|
09/30/2020
|
#51407
|
Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility
|
adamsilverstein
|
dev-feedback
|
normal
|
normal
|
Future Release
|
enhancement
|
12/26/2023
|
#52544
|
Removing database tables allows anyone to take over all website files
|
|
|
normal
|
major
|
Awaiting Review
|
enhancement
|
07/05/2022
|
#57424
|
Specific hook for Content Security Policy
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
01/05/2023
|
#54512
|
Suggestion for file protection
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
11/25/2021
|
#61706
|
Support for storing and getting encrypted options
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
07/19/2024
|
#37000
|
Support for the SameSite cookie attribute
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
enhancement
|
06/06/2024
|
#29429
|
Support frame-ancestors directive over X-Frame-Options
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
enhancement
|
07/29/2019
|
#38262
|
Task: Opt in SSL Improvements
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
02/05/2020
|
#51438
|
Use CSP directive upgrade-insecure-requests when using HTTPS
|
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
enhancement
|
11/09/2021
|
#52388
|
Use HTTPS URL already during installation if supported
|
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
enhancement
|
01/28/2021
|
#60470
|
Use `filter_input` instead of superglobals where possible
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
02/09/2024
|
#21022
|
Use bcrypt for password hashing; updating old hashes
|
|
dev-feedback
|
normal
|
major
|
Future Release
|
enhancement
|
09/11/2024
|
#36177
|
default htaccess should include security measures
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
04/12/2024
|
#58765
|
the_block_template_skip_link() - XSS vulnerability - Apply FIX
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
07/08/2023
|
#56335
|
use hash_equals to check password hash
|
|
close
|
normal
|
trivial
|
Awaiting Review
|
enhancement
|
10/12/2022
|
#38474
|
wp_signups.activation_key stores activation keys in plain text
|
SergeyBiryukov
|
has-patch
|
normal
|
normal
|
Future Release
|
enhancement
|
04/23/2024
|
#54280
|
wp_verify_nonce should return a filter
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
10/17/2021
|