garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated WordPress Plugin Security Testing Cheat Sheet (markdown)

Erwan
2021-07-29 07:49:26 +02:00
parent d32ad315ba
commit ab44e136a3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
WordPress-Plugin-Security-Testing-Cheat-Sheet.md

@@ -33,7 +33,7 @@ The [Log HTTP Requests](https://wordpress.org/plugins/log-http-requests/) WordPr
### DISALLOW_UNFILTERED_HTML ### DISALLOW_UNFILTERED_HTML
When doing dynamic testing for XSS the following setting in the wp-config.php file may reduce false positive results as it prevents administrative and editor users from being able to embed/execute JavaScript/HTML, which by default they are permitted to do. When doing dynamic testing for XSS the following setting in the wp-config.php file may reduce false positive results as it prevents administrative and editor users from being able to embed/execute JavaScript/HTML, [which by default they are permitted to do](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html).
``` ```
define( 'DISALLOW_UNFILTERED_HTML', true ); define( 'DISALLOW_UNFILTERED_HTML', true );