Description
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
Remediation
References
Related Vulnerabilities
Liferay DXP Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)
Python Cryptographic Issues Vulnerability (CVE-2013-7040)
WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.14.0.2)
WordPress Plugin PowerPack Lite for Beaver Builder Cross-Site Scripting (1.3.0)
WordPress Improper Input Validation Vulnerability (CVE-2020-35539)