Findings
- Does not escape all HTML (for example the Template Name field) (capability required appears to be manage_network)
- For some reason it attempts to strip SCRIPT tags out of template and category descriptions with regular expressions (blogtemplatesfiles/admin/categories_menu.php line 138, blogtemplatesfiles/admin/main_menu.php line 417). It doesn’t work because you can just use `<img onerror="alert(3)" src="">` instead. It’s unclear what it’s attempting to prevent.
- No other issues found
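
The script-tag finding above, as an added example that is not the plugin's code: it compares a tag-stripping filter with output escaping by parsing each result and listing the elements and event-handler attributes that survive. The regular expression is an assumed stand-in (the report does not reproduce the plugin's), the function names are hypothetical, and the PHP DOM extension is assumed to be available.

```php
<?php
// Added illustration, not the plugin's code. Function names are hypothetical.

// Assumed stand-in for the plugin's filter; its actual regex is not in the report.
function strip_script_tags(string $html): string {
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
}

// Output escaping: encode at the point of output so input is rendered as text.
// In WordPress, esc_html() and esc_attr() serve this purpose.
function escape_for_output(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse a fragment with an HTML parser and list the elements it creates,
// together with any on* event-handler attributes they carry.
function live_elements(string $fragment): array {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<html><body><div>' . $fragment . '</div></body></html>');
    libxml_clear_errors();
    $found = [];
    // First div in document order is the wrapper added above.
    $wrapper = $doc->getElementsByTagName('div')->item(0);
    foreach ($wrapper->getElementsByTagName('*') as $el) {
        $handlers = [];
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $handlers[] = $attr->name;
            }
        }
        $found[] = $el->tagName . ($handlers ? ' [' . implode(',', $handlers) . ']' : '');
    }
    return $found;
}

// Constructed sample descriptions; the second is the string from the finding.
$samples = [
    '<script>alert(1)</script>',
    '<img onerror="alert(3)" src="">',
];

foreach ($samples as $input) {
    $stripped = live_elements(strip_script_tags($input));
    $escaped  = live_elements(escape_for_output($input));
    printf("%-34s stripped: %-16s escaped: %s\n", $input,
        $stripped ? implode(', ', $stripped) : '(none)',
        $escaped ? implode(', ', $escaped) : '(none)');
}
```
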
Failure criteria
- Lack of proper output escaping
Read more about our failure criteria.