[wp-trac] [WordPress Trac] #65054: $_GET['pagenow'] and $_GET['widget'] unsanitized in dashboard AJAX handler
WordPress Trac
noreply at wordpress.org
Mon Apr 20 17:47:30 UTC 2026
#65054: $_GET['pagenow'] and $_GET['widget'] unsanitized in dashboard AJAX handler
-------------------------------------------------+-------------------------
Reporter: rajeshcp | Owner: rajeshcp
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting
| Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-test- | Focuses:
info |
-------------------------------------------------+-------------------------
Changes (by westonruter):
* severity: major => normal
Comment:
Do not report "major" security issues in Trac. Use
[https://hackerone.com/wordpress HackerOne] instead.
Regardless, this seems to be a hardening not an exploitable vulnerability.
(And if it is, do //not// disclose so here publicly.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/65054#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list