Make WordPress Core

#45661 closed defect (bug) (invalid)


Reported by: comunicacion54 Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.0.1
Component: Security Keywords:
Focuses: Cc:
PR Number:


In a scan for malware, I have seen that the file kses.php is positive and indicates: iframe injection, I think it is from wordpress, and I would like to know if someone knows if it is a false positive, or a wordpress failure.

Change History (2)

#1 @ayeshrajans
14 months ago

Hello @comunicacion54, welcome to Wordpress Trac!
KSES was an HTML filter library written ~15 years ago, and now lives in Wordpress. It's quite old, but powers the HTML filter system in Wordpress with series of regular expressions without calling Cthulhu. Make sure the file is identical to what you download off wordpress.org, and it should be safe.

That code is supposed to make HTML modifications, so your malware scanner most likely flagged a false positive.

#2 @SergeyBiryukov
14 months ago

  • Component changed from General to Security
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @comunicacion54, welcome to WordPress Trac!

As noted above, please make sure the file on your install is identical to the one downloaded from WordPress.org.

In the future, if you think you have found a security vulnerability in WordPress core, please don't report it here, take a look at https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/.

Note: See TracTickets for help on using tickets.