Sanitize pagenow in admin-header.php
Reported by: xknown
Owned by:
Milestone: 2.1.3
Priority: highest omg bbq
In admin-header.php there's a wp_enqueue_script call that uses the value of the pagenow variable; it should be sanitized before output.
PS. On Thursday I sent a PoC to security@… that uses this variable to perform an XSS/CSRF attack.
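As an added illustration of the fix the ticket asks for (example code, not the WordPress patch; the request-path derivation of `$pagenow`, the `admin-script.php` URL shape, the page list and the two `admin_script_tag_*` helpers are all assumptions), the hardened version both restricts `$pagenow` to a known set of admin pages and escapes it for the URL and attribute contexts it is printed into:

```php
<?php
// Added example, not the WordPress patch. Everything here is a constructed
// stand-in: how $pagenow is derived from the request path, the script URL
// shape and the page list are assumptions chosen to show the two layers of
// the fix. A string is returned instead of calling wp_enqueue_script() so
// the snippet runs on its own.

// Before: the page name is copied straight from the request into an HTML
// attribute. A path containing a quote or angle bracket reaches the markup
// unchanged, which is the kind of reflection the ticket describes.
function admin_script_tag_unsafe(string $request_path): string {
    $pagenow = basename($request_path);
    return '<script type="text/javascript" src="admin-script.php?page='
         . $pagenow . '"></script>';
}

// After: restrict the value first, then escape it for the context it lands in.
function admin_script_tag_safe(string $request_path): string {
    // Layer 1: $pagenow may only be one of a fixed set of admin pages.
    // Anything else falls back to a harmless default instead of being echoed.
    static $admin_pages = ['post.php', 'page.php', 'link.php', 'upload.php'];
    $pagenow = basename($request_path);
    if (!in_array($pagenow, $admin_pages, true)) {
        $pagenow = 'index.php';
    }
    // Layer 2: encode for the URL query component, then for the HTML
    // attribute. ENT_QUOTES covers both quote styles, so neither can close
    // the attribute early.
    $url = 'admin-script.php?page=' . rawurlencode($pagenow);
    return '<script type="text/javascript" src="'
         . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '"></script>';
}

// Self-check with a known page and a malformed path (constructed inputs).
$ok  = admin_script_tag_safe('/wp-admin/post.php');
$bad = admin_script_tag_safe('/wp-admin/not"a-page.php');
assert(strpos($ok, 'page=post.php') !== false);   // allowlisted value passes
assert(strpos($bad, 'page=index.php') !== false); // unknown value replaced
assert(strpos($bad, '"a') === false);             // quote never reaches markup
```

The allowlist is the primary control here, since `$pagenow` should only ever name a real admin page; the output escaping is defence in depth for the day the list is bypassed or the variable is reused elsewhere.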
Change History (5)
comment:1 @foolswisdom — 8 years ago
- Priority changed from normal to highest omg bbq
- Severity changed from normal to critical