[wp-trac] [WordPress Trac] #56671: Not sanitized the relation operator argument in WP_Tax_Query{}
WordPress Trac
noreply at wordpress.org
Tue Sep 27 20:17:58 UTC 2022
#56671: Not sanitized the relation operator argument in WP_Tax_Query{}
--------------------------+----------------------------------------
Reporter: rudlinkon | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version: trunk
Severity: major | Resolution:
Keywords: has-patch | Focuses: privacy, coding-standards
--------------------------+----------------------------------------
Comment (by desrosj):
Hi @rudlinkon,
Thanks for reporting this issue.
However, if you believe that you have discovered a security vulnerability
in WordPress, we ask that you please file a report over on the
[https://hackerone.com/wordpress organization's HackerOne account].
WordPress asks that all contributors follow responsible disclosure
practices. You can read more about this in the
[https://wordpress.org/about/security/ WordPress Security white paper].
This is **something that is taken very seriously**. There is even a
checkbox confirming that a potential security issue is not being reported
when opening a new ticket on Trac (which you had to have checked when
creating this ticket).
As soon as I respond to this ticket, I am going to delete it to prevent
potentially exposing WordPress sites in case this is actually a valid
security issue. But I wanted to provide more details for the future.
Again, anything with potentially sensitive information or detailing a
potential security vulnerability should never be reported publicly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56671#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform