|
#61942
|
Add "no-store" to Cache-Control header to prevent unexpected cache behavior
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
12/06/2024
|
|
#61640
|
Issues in edit_link Function: Inconsistent Return Values, Insufficient Permission Error Handling, and Data Sanitization
|
|
Security
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
has-patch
|
07/31/2024
|
|
#52333
|
Lack of the : entity on the list of allowed entity names in kses.php
|
|
Security
|
normal
|
minor
|
Awaiting Review
|
defect (bug)
|
has-patch
|
01/20/2021
|
1
|
#41391
|
Links to media in password protected pages
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
07/24/2017
|
|
#59824
|
PHP Warning raised in pluggable.php when passing NULL instead of a string
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
11/07/2023
|
3
|
#37264
|
Please do not chmod 666 the wp-config.php file on installation.
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
03/22/2019
|
2
|
#53869
|
Post type / Taxonomy Label Hardening: Prevent Raw HTML tags in output / Media Library eval of HTML entities in label
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
08/04/2021
|
2
|
#53994
|
REST API requests with session cookies but an invalid/missing nonce are considered authenticated for most of the request
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
08/24/2021
|
5
|
#56860
|
Sodium Compat library is improperly loaded
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
11/19/2024
|
|
#60864
|
URL sanitizing strips valid characters instead of encoding, documented use is invalid
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
04/03/2024
|
6
|
#58679
|
meta key field in usermeta table should NOT use accent insensitive collations
|
|
Security
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
|
10/30/2023
|
|
#57447
|
wp_ajax_inline_save function does not check if post has "public" or "show_ui" enabled
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
01/11/2023
|
|
#31686
|
wp_authenticate_username_password() should check for a WP_Error object
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
08/06/2019
|
|
#56521
|
wp_kses wp_kses_hair fails to allow a valueless attribute when is follwed by /
|
|
Security
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
has-patch
|
09/06/2022
|
|
#62384
|
.htaccess lacks
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
12/09/2024
|
6
|
#37757
|
Add `allowed_classes` to `maybe_unserialize` When WordPress is running on PHP 7+
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
09/13/2017
|
14
|
#23165
|
Admin validation errors on form nonce element IDs (_wpnonce)
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
02/08/2021
|
2
|
#58636
|
Automatic Sanitization of Nonces in wp_verify_nonce
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
06/26/2023
|
5
|
#40237
|
Educate users about modern password best-practices
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
06/06/2022
|
2
|
#62005
|
Enhance wp_hash function to support custom hashing algorithms
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
11/19/2024
|
|
#51611
|
Escape echoing Core functions
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
10/24/2020
|
1
|
#43320
|
Harden API requests against man-in-the-middle attacks
|
|
Security
|
low
|
minor
|
Awaiting Review
|
enhancement
|
|
02/18/2018
|
3
|
#50510
|
Improve security of wp_nonce implementation
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
reporter-feedback
|
11/19/2024
|
6
|
#51159
|
Let's expand our context specific escaping methods for wp_json_encode().
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
05/09/2024
|
1
|
#62055
|
Put index.php into Public folder on the root directory
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
reporter-feedback
|
11/19/2024
|
6
|
#57424
|
Specific hook for Content Security Policy
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
01/05/2023
|
2
|
#61706
|
Support for storing and getting encrypted options
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
07/19/2024
|
1
|
#60470
|
Use `filter_input` instead of superglobals where possible
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
02/09/2024
|
4
|
#36177
|
default htaccess should include security measures
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
04/12/2024
|
6
|
#55514
|
2FA by default for WordPress
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
feature request
|
|
03/06/2023
|
1
|
#43215
|
Allow wp_kses to pass allowed CSS properties
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
feature request
|
|
11/18/2024
|
2
|
#53902
|
Automating the creation of inline javascript and inline stylesheet nonces or hashes
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
feature request
|
|
07/03/2024
|
4
|
#62202
|
allow plugin versions to be flagged as security updates
|
|
Security
|
normal
|
normal
|
Awaiting Review
|
feature request
|
close
|
10/10/2024
|
|
#58174
|
A shortcode block that evaluates to nothing, renders as a space in the HTML
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
10/26/2023
|
1
|
#60887
|
After upgrade to WordPress 6.4.3, do_shortcode no longer works in page templates
|
|
Shortcodes
|
normal
|
critical
|
Awaiting Review
|
defect (bug)
|
|
04/02/2024
|
|
#58469
|
Changeset 55832 broke shortcodes saved in block attributes and rendered serverside
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
06/07/2023
|
|
#49877
|
Content enclosed by (content enclosing) shortcode gets stripped from excerpt
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
dev-feedback
|
07/24/2020
|
1
|
#51377
|
Front End elements break after too many shortcodes
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
09/24/2020
|
1
|
#57790
|
Parsing of Shortcode Attributes: bug locating a final attribute
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
dev-feedback
|
02/28/2023
|
1
|
#35216
|
Return empty string from wp.shortcode.replace() callback is ignored
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
06/27/2018
|
1
|
#61007
|
Shortcode aren't paste inline in paragraphs
|
|
Shortcodes
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
|
08/24/2024
|
|
#59509
|
Shortcode attributes named 0 are ignored
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
needs-unit-tests
|
10/25/2024
|
|
#49955
|
Shortcode escaping not correctly handled when followed by enclosing shortcodes
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
07/16/2020
|
2
|
#58386
|
Shortcode generated by a block element is not executed in templates
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
06/09/2023
|
|
#38713
|
Shortcodes and utf-8 no-break whitespace (\xc2\xa0)
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
03/25/2019
|
|
#55406
|
Shortcodes don't work inside srcset attribute
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
04/08/2022
|
|
#58397
|
Shortcodes in patterns are not rendered in templates
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
05/24/2023
|
2
|
#52567
|
Shortcodes in separate <p> tags appear on same line in browser
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
05/25/2023
|
3
|
#42718
|
Video shortcode needs muted attribute for Autoplay to work with Safari 11.0.1+
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
07/10/2020
|
4
|
#43456
|
`wp_html_split` <script>
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
03/02/2018
|
1
|
#43457
|
`wp_html_split` valid HTML attributes issues
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
05/28/2024
|
2
|
#44571
|
force_balance_tags breaks JavaScript
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
09/22/2024
|
4
|
#40958
|
force_balance_tags breaks Ninjaforms and probably other plugins that output html within js.
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
12/05/2024
|
1
|
#60948
|
shortcodes that return with no value / text will break if shortcode is being used as an attribute value
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
08/13/2024
|
|
#57267
|
wp_enqueue_style is not working under shortcode
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
12/15/2022
|
3
|
#54289
|
Improve get_shortcode_regex performance
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
10/19/2021
|
1
|
#46412
|
Make shortcode attributes case-insensitive? shortcode_parse_atts
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
03/04/2019
|
|
#60200
|
Search functionality does not search shortcodes
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
01/06/2024
|
|
#62454
|
[ wp-includes/shortcodes.php - do_shortcode() ] - fallback in case content is not a string
|
|
Shortcodes
|
normal
|
trivial
|
Awaiting Review
|
enhancement
|
dev-feedback
|
11/19/2024
|
1
|
#41086
|
Conditional loading of CSS files from (for example) shortcodes
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
feature request
|
|
06/16/2017
|
1
|
#47984
|
Filter pre_do_shortcode
|
|
Shortcodes
|
normal
|
normal
|
Awaiting Review
|
feature request
|
has-patch
|
09/05/2019
|
1
|
#58518
|
"More info about performance optimization" links in Site Health go to 404 error on WordPress.org
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
06/13/2023
|
2
|
#49923
|
Change "Critical Issue" to "Recommendation"
|
|
Site Health
|
normal
|
critical
|
Awaiting Review
|
defect (bug)
|
close
|
12/08/2021
|
1
|
#52977
|
Consider using basic auth in https healh check.
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
dev-feedback
|
09/08/2023
|
|
#58819
|
Critical error on this website
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
07/18/2023
|
|
#50895
|
False information about writable files in Site Health Info
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
05/27/2022
|
|
#60831
|
Investigate flakey `Tests_Admin_wpSiteHealth ::test_object_cache_thresholds()` test
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
03/23/2024
|
|
#62633
|
Is writable check for fonts folder is misleading/wrong
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
12/03/2024
|
3
|
#48399
|
Recovery mode can stick the admin in a bad state
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
11/21/2019
|
1
|
#52343
|
Site Health Page: Inactive theme message is inconsistent
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
dev-feedback
|
01/28/2021
|
|
#51088
|
Site Health Status widget displays incorrect or inconsistent number of issues
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
05/17/2021
|
5
|
#59251
|
Site Health incorrectly reports low disk space available for updates when disk_free_space function disabled
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
05/02/2024
|
|
#54598
|
Site Health makes downright wrong and dangerous suggestions
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
11/30/2022
|
|
#62630
|
Site Health plugin information display html tags in plugin name
|
|
Site Health
|
normal
|
trivial
|
Awaiting Review
|
defect (bug)
|
has-patch
|
12/05/2024
|
2
|
#47266
|
Template of shutdown handler for fatal errors should not be displayed for CLI scripts
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
05/08/2024
|
|
#53204
|
This means any errors on the site will be written to a file which is potentially available to normal users
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
09/01/2022
|
3
|
#55280
|
Unsupported operand types in Site Health
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
02/27/2024
|
4
|
#51230
|
WP_DEBUG is flagged when using the development environment type
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
08/14/2024
|
|
#60388
|
WordPress Core error message in my Website
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
has-patch
|
05/10/2024
|
1
|
#61577
|
health check count display bug
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
|
07/11/2024
|
|
#61534
|
if debug mode is true and go to the site-heath page showing extra margin top at admin-menu
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
dev-feedback
|
10/02/2024
|
1
|
#52945
|
wp_cache settings not recognized in site health / plugins
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
reporter-feedback
|
03/31/2021
|
6
|
#52011
|
'The REST API encountered an unexpected result' should be a critical error
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
08/28/2022
|
|
#54505
|
Add "Temp Directory" to site health info
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
11/24/2021
|
6
|
#60619
|
Add a DNS section to Site Health (and status checks for SPF and DMARC)
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
dev-feedback
|
11/28/2024
|
2
|
#56595
|
Add a Site Health check for a non-virtual robots.txt file
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
dev-feedback
|
12/03/2024
|
|
#62129
|
Add a Site Health test for existence of sender email address
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
09/29/2024
|
2
|
#49188
|
Add a check for tables structures.
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
dev-feedback
|
01/29/2021
|
2
|
#62101
|
Add a filter to customize the URL for page caching check in Site Health
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
09/24/2024
|
5
|
#59893
|
Add a translation section in the Site Health report
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
dev-feedback
|
09/26/2024
|
|
#57440
|
Add filter to customize the "rest_availability" test URL
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
01/10/2023
|
2
|
#50055
|
Add more user-actionable information to the timezone health check
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
06/15/2020
|
|
#62631
|
Add plugin dependencies to Site Health
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
12/03/2024
|
2
|
#57159
|
Add scheduled events in the site health report.
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
dev-feedback
|
01/31/2023
|
1
|
#62526
|
Add the theme type (block theme or non block theme) to the site health page
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
dev-feedback
|
11/25/2024
|
2
|
#56376
|
Add wp_is_ini_value_changeable( 'memory_limit' ) yes or no to class WP_Debug_Data
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
08/14/2022
|
3
|
#47210
|
Allow html on site health titles and description
|
|
Site Health
|
normal
|
minor
|
Awaiting Review
|
enhancement
|
dev-feedback
|
09/05/2022
|
2
|
#53230
|
Allow nested arrays to be displayed in site health.
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
08/28/2022
|
15
|
#47192
|
Allow users to enter recovery mode via their registered email
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
has-patch
|
04/22/2020
|
3
|
#61743
|
Capture and inform users when plugins or themes are `_doing_it_wrong()`
|
|
Site Health
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
|
07/24/2024
|