WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#32869 closed defect (bug) (invalid)

XSS Problem on Wordpress 4

Reported by: MohsineBen
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Themes
Keywords:
Focuses: javascript
Cc:
PR Number:

Description

Hi, I think WordPress 4 is suffering from a Cross Site Scripting problem. I tested it on 2 websites:
1-http://www.argent-dz.com/?s=%22-%3E%3Cscript%3Eprompt%28112233445566%29%3C%2Fscript%3E%22
2-http://axcit.com/?s=%22-%3E%3Cscript%3Eprompt(112233)%3C%2Fscript%3E%22

It will take maybe 4 or 3 seconds so that the error message appears (alert windows)

And this is the result:
http://prntscr.com/7o81or

Attachments (1)

wordpress.JPG (54.3 KB) - added by MohsineBen 4 years ago.
XSS Window on Wordpress 4


Change History (3)

@MohsineBen
4 years ago

XSS Window on Wordpress 4

#1 @netweb
4 years ago

  • Component changed from General to Security
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version 4.0 deleted

There were two notices you would have seen when posting this ticket:

Do not report potential security vulnerabilities here.
See the Security FAQ and contact security@wordpress.org.

And after typing the text you would've had to have checked the checkbox of the following to proceed:

I am not reporting a security issue — report security issues to security@wordpress.org

Yet you continued to post here anyway, quite disappointing :(

It looks like the theme in use isn’t escaping the search term properly, and that WordPress 4.3+ pre-escapes the search term to potentially avoid some of those cases, see #32142

Last edited 4 years ago by SergeyBiryukov
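
The theme-side escaping problem described in comment #1, as an added example that is not part of the ticket and is not WordPress or theme code: a stand-alone PHP script that renders a search heading and search box with and without output escaping, using the query string from the second URL in the report. The function names are hypothetical, and `htmlspecialchars()` stands in here for the `esc_html()` / `esc_attr()` helpers a theme would call inside WordPress.

```php
<?php
// Added illustration; function names are hypothetical. htmlspecialchars()
// is an assumed stand-in for WordPress's esc_html()/esc_attr() so the
// script runs outside WordPress.

// Read the "s" parameter; a non-string (e.g. ?s[]=x) is treated as empty.
function search_term(array $query): string {
    $s = $query['s'] ?? '';
    return is_string($s) ? $s : '';
}

// Pattern the comment describes: the raw term is concatenated into markup.
function render_search_unescaped(array $query): string {
    $term = search_term($query);
    return '<h1>Search results for: ' . $term . '</h1>'
         . '<input type="search" name="s" value="' . $term . '">';
}

// Hardened pattern: encode at output time. ENT_QUOTES covers both the
// element-text and the quoted-attribute context used below.
function render_search_escaped(array $query): string {
    $term = htmlspecialchars(search_term($query), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Search results for: ' . $term . '</h1>'
         . '<input type="search" name="s" value="' . $term . '">';
}

// Query string copied from the second URL in the report above.
parse_str('s=%22-%3E%3Cscript%3Eprompt(112233)%3C%2Fscript%3E%22', $query);

foreach (['render_search_unescaped', 'render_search_escaped'] as $fn) {
    $html = $fn($query);
    // Regression check a theme author can keep: the search term must never
    // contribute a tag to the rendered page.
    $inert = stripos($html, '<script') === false;
    printf("%s: %s\n  %s\n", $fn, $inert ? 'term rendered as text' : 'script tag reflected', $html);
}
```

In a real theme the same fix is to pass the term through `esc_html()` in text context and `esc_attr()` in attribute values, or to print it with `the_search_query()`.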

#2 @johnbillion
4 years ago

  • Component changed from Security to Themes