[wp-trac] [WordPress Trac] #65076: Missing escaping in title tag
WordPress Trac
noreply at wordpress.org
Wed Apr 15 03:41:08 UTC 2026
#65076: Missing escaping in title tag
------------------------------+-----------------------------
Reporter: maheshpatel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords: has-patch
Focuses: coding-standards |
------------------------------+-----------------------------
**Missing escaping in `<title>` tag** ⭐ TOP PICK
- **File:** [src/wp-login.php](src/wp-login.php#L97)
- **Line:** 97
- **Problem:** `<title>` tag outputs `$login_title` without escaping.
Special characters could break HTML structure.
- **Severity:** Security best practice
- **Current Code:**
<title><?php echo $login_title; ?></title>
- **Fix:**
<title><?php echo esc_html( $login_title ); ?></title>
--
Ticket URL: <https://core.trac.wordpress.org/ticket/65076>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list