In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CPE | Name | Operator | Version |
---|---|---|---|
api_bearer_auth | eq | < 201997 |