Mirror of https://github.com/0xMarcio/cve.git, synced 2025-12-16 20:27:21 +00:00
CVE-2019-16332
Description
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
POC
Reference
- https://packetstormsecurity.com/files/154369/WordPress-API-Bearer-Auth-20181229-Cross-Site-Scripting.html
- https://wpvulndb.com/vulnerabilities/9868