Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#46461 closed defect (bug) (invalid)

WordPress Version 5.1 Default Theme xss issue

Reported by: tanjimulislam
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Bundled Theme
Keywords:
Focuses:
Cc:


Hello, I am using the latest version (5.1) of WordPress and the default Twenty Nineteen. The default theme contains a stored XSS issue in the comment box. Please consider the issue carefully. Many users use the default theme of WP. If this kind of issue continues, the popularity of WP will decrease.

Change History (2)

#1 @ocean90
3 years ago

  • Focuses javascript removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Severity changed from minor to normal
  • Status changed from assigned to closed
  • Version 5.1 deleted

While creating the ticket you should have seen this message:

Do not report potential security vulnerabilities here.
See the Security FAQ and visit the WordPress HackerOne program.

About your report, you should check if it's not covered by https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html.

#2 @SergeyBiryukov
3 years ago

  • Component changed from Comments to Bundled Theme