output in XML without escaping

maheshpatel27 · maheshpatel27 · commit c69af021e589 · 2026-04-09T15:05:46.000+05:30
diff --git a/src/wp-trackback.php b/src/wp-trackback.php
@@ -34,7 +34,7 @@ function trackback_response( $error = 0, $error_message = '' ) {
 		echo '<?xml version="1.0" encoding="utf-8"?' . ">\n";
 		echo "<response>\n";
 		echo "<error>1</error>\n";
-		echo "<message>$error_message</message>\n";
+		echo "<message>" . wp_kses_post( $error_message ) . "</message>\n";
 		echo '</response>';
 		die();
 	} else {
