RSS   Vulnerabilities for 'Api bearer auth'   RSS

2019-09-15
 
CVE-2019-16332

CWE-79
 

 
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

 


Copyright 2019, cxsecurity.com

 

Back to Top