| #15394 | Ancient "Are you sure you want to do this" now confusing | | Security | normal | minor | 6 | Future Release | defect (bug) | dev-feedback | 05/17/2019 |
| #34041 | Tying nonces to sessions breaks when users are switched | | Security | normal | major | 6 | Future Release | defect (bug) | | 06/04/2019 |
| #58679 | meta key field in usermeta table should NOT use accent insensitive collations | | Security | normal | major | 6 | Awaiting Review | defect (bug) | | 10/30/2023 |
| #37757 | Add `allowed_classes` to `maybe_unserialize` When WordPress is running on PHP 7+ | | Security | normal | normal | 6 | Awaiting Review | enhancement | has-patch | 09/13/2017 |
| #56785 | Automatically catch potential security issues before release | | Security | normal | normal | 6 | Awaiting Review | enhancement | | 10/11/2022 |
| #51159 | Let's expand our context specific escaping methods for wp_json_encode(). | | Security | normal | normal | 6 | Awaiting Review | enhancement | | 05/09/2024 |
| #55514 | 2FA by default for WordPress | | Security | normal | normal | 6 | Awaiting Review | feature request | | 03/06/2023 |
| #55950 | FIDO passwordless authentication? | | Security | normal | minor | 6 | Awaiting Review | feature request | | 06/08/2022 |
| #56860 | Sodium Compat library is improperly loaded | | Security | normal | normal | 5 | Awaiting Review | defect (bug) | | 10/20/2022 |
| #53019 | The _sanitize_text_fields function removing the octets that incorrectly work with Arabic RTL languages. | | Security | normal | normal | 5 | Awaiting Review | defect (bug) | | 03/14/2023 |
| #53973 | WordPress <= 5.8 - Authenticated Persistent XSS (User role name) | | Security | normal | normal | 5 | Future Release | defect (bug) | has-patch | 06/15/2024 |
| #40237 | Educate users about modern password best-practices | | Security | normal | normal | 5 | Awaiting Review | enhancement | | 06/06/2022 |
| #57424 | Specific hook for Content Security Policy | | Security | normal | normal | 5 | Awaiting Review | enhancement | | 01/05/2023 |
| #37604 | 'Password Lost/Changed' emails should give indication of the strength of the new password | | Security | normal | normal | 5 | Future Release | feature request | dev-feedback | 04/09/2018 |
| #20140 | Ask old password to change user password | | Security | normal | major | 5 | Future Release | feature request | dev-feedback | 07/28/2024 |
| #50828 | Update ca-bundle.crt and remove expired certificates | SergeyBiryukov | Security | normal | normal | 4 | Future Release | defect (bug) | has-patch | 11/10/2021 |
| #36177 | default htaccess should include security measures | | Security | normal | normal | 4 | Awaiting Review | enhancement | | 04/12/2024 |
| #62202 | allow plugin versions to be flagged as security updates | | Security | normal | normal | 4 | Awaiting Review | feature request | close | 10/10/2024 |
| #37264 | Please do not chmod 666 the wp-config.php file on installation. | | Security | normal | normal | 3 | Awaiting Review | defect (bug) | has-patch | 03/22/2019 |
| #16483 | Visibility: password-protected exposes multiple pages | | Security | normal | normal | 3 | Future Release | defect (bug) | dev-feedback | 01/30/2022 |
| #38260 | A FORCE_SSL_CANONICAL constant | | Security | normal | normal | 3 | Awaiting Review | enhancement | | 06/04/2019 |
| #57304 | Add SensitiveParameter attribute to DB connection and login variables | | Security | normal | normal | 3 | 6.8 | enhancement | has-patch | 10/01/2024 |
| #50510 | Improve security of wp_nonce implementation | | Security | normal | normal | 3 | Awaiting Review | enhancement | dev-feedback | 07/11/2023 |
| #44058 | Include security sniffs in PHPCS ruleset | | Security | normal | normal | 3 | Future Release | enhancement | | 05/16/2018 |
| #29429 | Support frame-ancestors directive over X-Frame-Options | | Security | normal | normal | 3 | Future Release | enhancement | dev-feedback | 07/29/2019 |
| #38262 | Task: Opt in SSL Improvements | | Security | normal | normal | 3 | Awaiting Review | enhancement | | 02/05/2020 |
| #51438 | Use CSP directive upgrade-insecure-requests when using HTTPS | | Security | normal | normal | 3 | Future Release | enhancement | needs-unit-tests | 11/09/2021 |
| #53869 | Post type / Taxonomy Label Hardening: Prevent Raw HTML tags in output / Media Library eval of HTML entities in label | | Security | normal | normal | 2 | Awaiting Review | defect (bug) | has-patch | 08/04/2021 |
| #53994 | REST API requests with session cookies but an invalid/missing nonce are considered authenticated for most of the request | | Security | normal | normal | 2 | Awaiting Review | defect (bug) | | 08/24/2021 |
| #60347 | wp_kses breaking text fragments links | | Security | normal | normal | 2 | Awaiting Review | defect (bug) | | 06/21/2024 |
| #38259 | A FORCE_SSL_CONTENT constant | | Security | normal | normal | 2 | Awaiting Review | enhancement | | 06/04/2019 |
| #38261 | A FORCE_SSL_SCRIPTS constant | | Security | normal | normal | 2 | Awaiting Review | enhancement | | 06/04/2019 |
| #58636 | Automatic Sanitization of Nonces in wp_verify_nonce | | Security | normal | normal | 2 | Awaiting Review | enhancement | | 06/26/2023 |
| #39656 | Create a submenu item under About admin bar for security | | Security | normal | normal | 2 | Awaiting Review | enhancement | | 01/23/2017 |
| #62005 | Enhance wp_hash function to support custom hashing algorithms | | Security | normal | normal | 2 | Awaiting Review | enhancement | has-patch | 09/25/2024 |
| #36087 | Migration plan from insecure RNG fallback | | Security | normal | normal | 2 | Future Release | enhancement | | 09/30/2020 |
| #61706 | Support for storing and getting encrypted options | | Security | normal | normal | 2 | Awaiting Review | enhancement | | 07/19/2024 |
| #52388 | Use HTTPS URL already during installation if supported | | Security | normal | normal | 2 | Future Release | enhancement | needs-unit-tests | 01/28/2021 |
| #58765 | the_block_template_skip_link() - XSS vulnerability - Apply FIX | | Security | normal | normal | 2 | Awaiting Review | enhancement | has-patch | 07/08/2023 |
| #53902 | Automating the creation of inline javascript and inline stylesheet nonces or hashes | | Security | normal | normal | 2 | Awaiting Review | feature request | | 07/03/2024 |
| #50437 | Add leniency to the overdue check for plugin and theme auto updates | | Security | normal | normal | 2 | Future Release | task (blessed) | | 07/14/2020 |
| #41391 | Links to media in password protected pages | | Security | normal | normal | 1 | Awaiting Review | defect (bug) | | 07/24/2017 |
| #57875 | Add password strength meter for password protected content | | Security | normal | normal | 1 | Future Release | enhancement | | 06/01/2023 |
| #53296 | Do trim $hook_name within add_action() and add_filter() function | | Security | normal | normal | 1 | Awaiting Review | enhancement | has-patch | 05/29/2021 |
| #43320 | Harden API requests against man-in-the-middle attacks | | Security | low | minor | 1 | Awaiting Review | enhancement | | 02/18/2018 |
| #62055 | Put index.php into Public folder on the root directory | | Security | normal | normal | 1 | Awaiting Review | enhancement | | 09/16/2024 |
| #52544 | Removing database tables allows anyone to take over all website files | | Security | normal | major | 1 | Awaiting Review | enhancement | | 07/05/2022 |
| #54512 | Suggestion for file protection | | Security | normal | normal | 1 | Awaiting Review | enhancement | | 11/25/2021 |
| #60470 | Use `filter_input` instead of superglobals where possible | | Security | normal | normal | 1 | Awaiting Review | enhancement | | 02/09/2024 |
| #43215 | Allow wp_kses to pass allowed CSS properties | | Security | normal | normal | 1 | Awaiting Review | feature request | | 10/07/2024 |
| #38536 | Hook/Function to Set Content-Security-Policy | | Security | normal | normal | 1 | Awaiting Review | feature request | | 06/04/2019 |
| #55228 | Provide Option to Remove Password Visibility Button and Dashicons from WordPress' Login Form | | Security | normal | normal | 1 | Awaiting Review | feature request | close | 02/25/2022 |
| #50683 | Parse content for shortcodes instead of using regex | johnbillion | Shortcodes | normal | normal | 6 | Future Release | enhancement | has-patch | 06/17/2024 |
| #47863 | Fix odd, unexpected output from shortcode_parse_attts | SergeyBiryukov | Shortcodes | normal | normal | 5 | Future Release | defect (bug) | dev-feedback | 02/24/2020 |
| #24990 | Nested Shortcode Inside [caption] | | Shortcodes | normal | normal | 5 | | defect (bug) | needs-unit-tests | 05/08/2021 |
| #47616 | Enhancement: doing_shortcode() function similar to doing_filter() | audrasjb* | Shortcodes | normal | normal | 5 | Future Release | enhancement | needs-unit-tests | 11/09/2021 |
| #34814 | Presence of "Less than sign" < adds additional closing shortcode tag. | | Shortcodes | normal | normal | 4 | | defect (bug) | | 06/04/2019 |
| #35022 | WP allows Unicode 0x00a0 spaces in editor but shortcode parser can't handle them | | Shortcodes | normal | normal | 4 | Future Release | defect (bug) | has-patch | 02/06/2017 |
| #43456 | `wp_html_split` <script> | | Shortcodes | normal | normal | 4 | Awaiting Review | defect (bug) | | 03/02/2018 |
| #37183 | Nested shortcodes in new-style [caption] | | Shortcodes | normal | normal | 3 | | defect (bug) | dev-feedback | 05/08/2021 |
| #42718 | Video shortcode needs muted attribute for Autoplay to work with Safari 11.0.1+ | | Shortcodes | normal | normal | 3 | Awaiting Review | defect (bug) | has-patch | 07/10/2020 |
| #54289 | Improve get_shortcode_regex performance | | Shortcodes | normal | normal | 3 | Awaiting Review | enhancement | has-patch | 10/19/2021 |
| #31093 | Make $tag argument optional for has_shortcode() | | Shortcodes | normal | normal | 3 | Future Release | enhancement | dev-feedback | 10/31/2017 |
| #29661 | Should Shortcode Attributes Allow HTML Special Characters? | | Shortcodes | normal | normal | 3 | | enhancement | | 06/04/2019 |
| #33593 | Make shortcodes case insensitive | | Shortcodes | normal | normal | 3 | | feature request | dev-feedback | 06/04/2019 |
| #43725 | Multiple instances of opening / closing shortcode only works when closing tag is provided | | Shortcodes | normal | normal | 2 | Future Release | defect (bug) | | 07/16/2020 |
| #58386 | Shortcode generated by a block element is not executed in templates | | Shortcodes | normal | normal | 2 | Awaiting Review | defect (bug) | | 06/09/2023 |
| #52567 | Shortcodes in separate <p> tags appear on same line in browser | | Shortcodes | normal | normal | 2 | Awaiting Review | defect (bug) | | 05/25/2023 |
| #35545 | Unexpected behavior of wp.shortcode.regexp | | Shortcodes | normal | normal | 2 | | defect (bug) | | 06/04/2019 |
| #34983 | shortcodes not working in input fields | | Shortcodes | normal | normal | 2 | | defect (bug) | | 06/04/2019 |
| #36958 | extending has_shortcode to allow searching in custom fields | | Shortcodes | normal | normal | 2 | | enhancement | | 06/04/2019 |
| #25644 | strip_shortcodes always removes text between shortcode tags, should be optional | | Shortcodes | normal | normal | 2 | | enhancement | dev-feedback | 06/04/2019 |
| #60887 | After upgrade to WordPress 6.4.3, do_shortcode no longer works in page templates | | Shortcodes | normal | critical | 1 | Awaiting Review | defect (bug) | | 04/02/2024 |
| #51377 | Front End elements break after too many shortcodes | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | reporter-feedback | 09/24/2020 |
| #57790 | Parsing of Shortcode Attributes: bug locating a final attribute | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | dev-feedback | 02/28/2023 |
| #35216 | Return empty string from wp.shortcode.replace() callback is ignored | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | has-patch | 06/27/2018 |
| #35591 | Shortcode Attributes Parsing Issue | | Shortcodes | normal | normal | 1 | | defect (bug) | reporter-feedback | 06/04/2019 |
| #61007 | Shortcode aren't paste inline in paragraphs | | Shortcodes | normal | major | 1 | Awaiting Review | defect (bug) | | 08/24/2024 |
| #43457 | `wp_html_split` valid HTML attributes issues | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | has-patch | 05/28/2024 |
| #44571 | force_balance_tags breaks JavaScript | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | | 09/22/2024 |
| #40958 | force_balance_tags breaks Ninjaforms and probably other plugins that output html within js. | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | | 10/08/2024 |
| #33213 | has_shortcode spec in 4.3 | | Shortcodes | normal | normal | 1 | | defect (bug) | | 06/04/2019 |
| #60948 | shortcodes that return with no value / text will break if shortcode is being used as an attribute value | | Shortcodes | normal | normal | 1 | Awaiting Review | defect (bug) | | 08/13/2024 |
| #46412 | Make shortcode attributes case-insensitive? shortcode_parse_atts | | Shortcodes | normal | normal | 1 | Awaiting Review | enhancement | | 03/04/2019 |
| #35179 | playlist shortcode needs an option to not loop | | Shortcodes | normal | normal | 1 | | enhancement | | 06/04/2019 |
| #41086 | Conditional loading of CSS files from (for example) shortcodes | | Shortcodes | normal | normal | 1 | Awaiting Review | feature request | | 06/16/2017 |
| #47984 | Filter pre_do_shortcode | | Shortcodes | normal | normal | 1 | Awaiting Review | feature request | has-patch | 09/05/2019 |
| #47528 | Site Health: Add test for file checksums | | Site Health | normal | normal | 9 | Future Release | enhancement | has-patch | 09/08/2023 |
| #43989 | Allow plugin searches to be filtered by "Requires PHP" version information | | Site Health | normal | normal | 9 | Future Release | task (blessed) | needs-unit-tests | 06/24/2019 |
| #56199 | Make the warnings about critical Site Health issues more prominent | | Site Health | normal | normal | 8 | Future Release | enhancement | has-patch | 05/22/2024 |
| #47352 | Take into account the current admin email address when rate limiting the recovery mode email | | Site Health | normal | normal | 6 | Future Release | defect (bug) | dev-feedback | 09/19/2022 |
| #52011 | 'The REST API encountered an unexpected result' should be a critical error | | Site Health | normal | normal | 6 | Awaiting Review | enhancement | | 08/28/2022 |
| #60619 | Add a DNS section to Site Health (and status checks for SPF and DMARC) | | Site Health | normal | normal | 6 | Awaiting Review | enhancement | dev-feedback | 02/23/2024 |
| #47336 | Consider adding a JS/Client based Site Health Check for the REST API | | Site Health | normal | normal | 6 | Awaiting Review | enhancement | close | 10/25/2020 |
| #51326 | Site Health: Add all constants used by core | | Site Health | normal | minor | 6 | Awaiting Review | enhancement | | 10/07/2020 |
| #54017 | Add an Update Log (to site health?) | | Site Health | normal | normal | 6 | Awaiting Review | feature request | | 09/01/2021 |
| #53014 | Health check should list all feature flags in core and show which features the current theme supports | | Site Health | normal | normal | 6 | Future Release | feature request | | 01/27/2023 |
| #53186 | Site Health plugin extension for the performance score | | Site Health | normal | normal | 6 | Awaiting Review | feature request | | 05/19/2021 |
| #59251 | Site Health incorrectly reports low disk space available for updates when disk_free_space function disabled | | Site Health | normal | normal | 5 | Awaiting Review | defect (bug) | reporter-feedback | 05/02/2024 |
| #59893 | Add a translation section in the Site Health report | | Site Health | normal | normal | 5 | Awaiting Review | enhancement | dev-feedback | 09/26/2024 |