[wp-trac] [WordPress Trac] #58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!
WordPress Trac
noreply at wordpress.org
Wed May 17 12:59:04 UTC 2023
#58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!
--------------------------+-----------------------
Reporter: jorcus | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 6.2.2
Component: Shortcodes | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+-----------------------
Comment (by asafm7):
@SergeyBiryukov
I'm by no means a security expert, but it makes sense to me that if an
unauthorized user can't modify the content of a block template, there is
no problem with allowing shortcodes there (the same way blocks are
allowed).
If, on the other hand, an unauthorized user *can* modify the content of a
block template, the issue is much bigger than shortcodes.
The example given here is submitting a comment:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-core/wordpress-core-621-shortcode-execution-in-user-generated-content?asset_slug=wordpress
But the comments' content isn't part of the block template content, so I
can't see the problem.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58333#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform