Javascript can be saved in the post title

  • Resolved AlanP57

    (@alanp57)


    2 years, 9 months ago

    I’m testing for cross-site scripting vulnerabilities in WordPress 5.9 and found that a line of Javascript code typed into the post title gets saved to the database and executed when the post is displayed. Shouldn’t the post title be sanitized?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Javascript can be saved in the post title’ is closed to new replies.