[wp-trac] [WordPress Trac] #58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!
WordPress Trac
noreply at wordpress.org
Fri May 19 04:41:18 UTC 2023
#58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!
--------------------------+-----------------------
Reporter: jorcus | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 6.2.2
Component: Shortcodes | Version: 6.2.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+-----------------------
Comment (by lanacodes):
I would also like to draw everyone's attention here, as I have practical
experience of what this vulnerability can cause:
**This vulnerability in block templates makes vulnerabilities in
shortcodes unuath vulnerabilities, which can be very serious.**
I alone have reported more than 400 shortcode stored XSS vulnerabilities
in plugins. Among them in plugins with 100k+ and 1M+ and 3M+ active
installs.
Obviously, users should update these plugins.
**Don't share code that enables shortcodes in block templates.**
**Don't make it possible to enable the shortcode in the block templates in
the settings.**
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58333#comment:86>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list