WordPress Plugin Vulnerabilities

API Bearer Auth < 20190908 - Unauthenticated Reflected XSS

Description

The server GET parameter of the swagger/swagger-config.yaml.php file is affected by a reflected XSS issue.

Proof of Concept

Affects Plugins

Plugin icon
api-bearer-auth
Fixed in 20190908

References

CVE
CVE-2019-16332
URL
https://packetstormsecurity.com/files/#154369/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Ricardo Sanchez
Verified
Yes
WPVDB ID
8e12ba5d-9a85-47db-a2e2-18097fd17043

Timeline

Publicly Published
2019-09-05 (about 6 years ago)
Added
2019-09-06 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-07-17
Title
Knowledge Base < 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug
Published
2017-10-08
Title
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
Published
2024-10-21
Title
WP Flow Plus < 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-21
Title
Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-17
Title
WOLF < 1.0.7.2 - Admin+ Stored XSS