VYPR

API Bearer Auth

by WordPress

CVEs (1)

  • CVE-2019-16332MedSep 15, 2019
    risk 0.40cvss 6.1epss 0.06

    In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.