Changes between Initial Version and Version 2 of Ticket #58305
- Timestamp:
- 05/14/2023 06:39:59 AM (21 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #58305
- Property Keywords has-patch added
-
Property
Milestone
changed from
Awaiting Review
to6.3
-
Property
Summary
changed from
This Dynamic Value is From the "apply_filters()" Function not Escaped While Echoing.
toLogin page title text is filterable but not escaped
-
Ticket #58305 – Description
initial v2 1 1 I have identified an issue with echoing a dynamic value of an HTML element in the [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-login.php#L209 /wp-login.php] file while reviewing its code. The problem is located on line 209 of the file. 2 2 3 I believe there is a potential security risk associated with this issue, as the dynamic value is being loaded from the "apply_filters()"function.3 I believe there is a potential security risk associated with this issue, as the dynamic value is being loaded from the `apply_filters()` function. 4 4 5 5 To ensure the security and validity of the code, it is crucial to properly escape the dynamic value and prevent any potential security vulnerabilities. Therefore, it is important to address this issue by properly escaping the value on that line.