[wp-trac] [WordPress Trac] #43308: Alter behavior load-scripts.php and load-styles.php to reduce potentially adverse scenarios
WordPress Trac
noreply at wordpress.org
Tue Feb 28 19:14:18 UTC 2023
#43308: Alter behavior load-scripts.php and load-styles.php to reduce potentially
adverse scenarios
---------------------------+---------------------
Reporter: youngcp | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone: 5.0
Component: Script Loader | Version: 4.9.4
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses:
---------------------------+---------------------
Comment (by dgilfillan):
Hi, I'm hoping one of you might be able to help. I realise this ticket is
marked as closed and suggests the CVE-2018-6389 exploit has been patched.
But in the latest WordPress v6.1.1 its still seems an unauthenticated user
can make a request to /wp-admin/load-scripts.php and pull a concataned
file full of js scripts?
If it has been fixed, would someone be able to give me a plain english run
down of how the exploit is now prevented?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43308#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list