CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

Cross site scripting

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

CVE-2019-16332

CVE-2019-16332 affects the WordPress API Bearer Auth plugin prior to 20190907. The vulnerability arises from improper filtering of the server parameter in swagger-config.yaml.php, enabling cross-site scripting (XSS) and injection of malicious scripts. The issue is documented across multiple sourc...

API Bearer Auth <= 20181229 - Unauthenticated Reflected XSS

The server GET parameter of the swagger/swagger-config.yaml.php file is affected by a reflected XSS issue. /wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=alert"XSS"...

WordPress API Bearer Auth 20181229 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Api bearer auth 20181229 Api bearer auth is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary scri...