Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#3988 closed defect (bug) (fixed)

Sanitize pagenow in admin-header.php

Reported by: xknown
Owned by:
Milestone: 2.1.3
Priority: highest omg bbq
Severity: critical
Version: 2.1.2
Component: Security
Keywords: has-patch
Focuses:
Cc:


In admin-header.php there's a wp_enqueue_script call that uses the value of the pagenow variable; it should be sanitized before output.

PS. On Thursday I sent security@… a PoC that uses this variable to perform an XSS/CSRF attack.

Attachments (1)

admin-header.diff (662 bytes) - added by xknown 9 years ago.
escape pagenow value


Change History (5)

9 years ago

escape pagenow value

#1 @foolswisdom
9 years ago

  • Priority changed from normal to highest omg bbq
  • Severity changed from normal to critical

#2 @charleshooper
9 years ago

  • Cc charleshooper added
  • Keywords has-patch added

#3 @ryan
9 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5059]) escape pagenow. Props xknown. fixes #3988 for trunk

#4 @ryan
9 years ago

(In [5060]) escape pagenow. Props xknown. fixes #3988 for 2.1
