6 matches found
CVE-2019-16332
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...
CVE-2019-16332
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...
Cross site scripting
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...
CVE-2019-16332
CVE-2019-16332 affects the WordPress API Bearer Auth plugin prior to 20190907. The vulnerability arises from improper filtering of the server parameter in swagger-config.yaml.php, enabling cross-site scripting (XSS) and injection of malicious scripts. The issue is documented across multiple sourc...
WordPress API Bearer Auth 20181229 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Api bearer auth 20181229 Api bearer auth is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary scri...
API Bearer Auth <= 20181229 - Unauthenticated Reflected XSS
The server GET parameter of the swagger/swagger-config.yaml.php file is affected by a reflected XSS issue. /wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=alert"XSS"...