Security component

If you have encountered a security issuesecurity issue A security issue is a type of bug that can affect the security of WordPress installations. Specifically, it is a report of a bug that you have found in the WordPress core code, and that you have determined can be used to gain some level of access to a site running WordPress that you should not have. that isn’t addressed in a released version of WordPress, please report it to the WordPress HackerOne program. For more, see our Security FAQ in the handbook.

Recent posts on the make/coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. blogblog (versus network, site)

View all posts tagged security.

52 open tickets in the Security component

52 open tickets defect (bug) enhancement feature request task (blessed)
5.8 2 1 0 0
Awaiting Review 12 18 3 0
Future Release 4 8 3 1

52 open tickets. Last 7 days: -1 ticketticket Created for both bug reports and feature development on the bug tracker.

6 tickets that have no replies

View list on Trac

  • #43215  Allow wp_kses to pass allowed CSSCSS Cascading Style Sheets. properties
  • #51159  Let's expand our context specific escaping methods for wp_json_encode(). javascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. template coding-standards
  • #51611  Escape echoing Core functions
  • #52333  Lack of the : entity on the list of allowed entity names in kses.php
  • #52388  Use HTTPSHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information. URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org already during installation if supported
  • #53019  The _sanitize_text_fields function removing the octets that incorrectly work with Arabic RTL languages. rtl

3 tickets slated for 5.8

View list in Trac

  • #50828  Update ca-bundle.crt and remove expired certificates
  • #51407  Remove inline event handlers and JavaScript URIs for Strict CSP-compatibility javascript
  • #53020  Stored XSS via «View details» pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party iFrameiframe iFrame is an acronym for an inline frame. An iFrame is used inside a webpage to load another HTML document and render it. This HTML document may also contain JavaScript and/or CSS which is loaded at the time when iframe tag is parsed by the user’s browser. administration

52 open tickets

Open enhancements: 27 View list on Trac
Open tasks: 1 View list on Trac
Open feature requests: 6 View list on Trac

Help maintain this component

Component maintainers:

Many contributors help maintain one or more components. These maintainers are vital to keeping WordPress development running as smoothly as possible. They triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. new tickets, look after existing ones, spearhead or mentor tasks, pitch new ideas, curate roadmaps, and provide feedback to other contributors. Longtime maintainers with a deep understanding of particular areas of core are always seeking to mentor others to impart their knowledge.

Want to help? Start following this component! Adjust your notifications here. Feel free to dig into any ticket.

Contributors following this component: