[wp-trac] [WordPress Trac] #65222: Request for review regarding PDF rendering behavior in WordPress File Block
WordPress Trac
noreply at wordpress.org
Tue May 12 13:21:16 UTC 2026
#65222: Request for review regarding PDF rendering behavior in WordPress File Block
-----------------------------+-----------------------------
Reporter: shilpaashokan94 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.9.4
Severity: major | Keywords:
Focuses: |
-----------------------------+-----------------------------
I previously submitted a private report through the WordPress HackerOne
program regarding PDF rendering behavior observed in the WordPress File
Block and would like to request clarification/review from the appropriate
team.
HackerOne Report ID: 3657944
Test Environment:
WordPress 6.9.4
Default Gutenberg/File Block
No external PDF plugins
Chrome browser
Observed Behavior:
When PDF files containing active content are uploaded through the File
Block and opened from the frontend, script execution behavior may occur
depending on browser rendering.
I am intentionally avoiding public disclosure of detailed proof-of-concept
files or technical payload information because the matter was already
reported privately through HackerOne.
This ticket is only intended as a follow-up/request for review and
guidance regarding the observed behavior and whether additional
investigation is required.
Please let me know if further details should be shared privately with the
security team.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/65222>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list