Description
In WordPress versions before 4.9.5, the get_the_generator function did not escape the version string, which could lead to XSS in a generator tag.
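The following added example (not WordPress core code and not part of the original advisory) contrasts an unescaped generator tag with an attribute-escaped one, then checks the rendered markup by parsing it. The function names and sample version strings are constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_attr()`.

```php
<?php
// Added illustration; function names are hypothetical, sample values are constructed.

// Unescaped pattern: the version string is concatenated into the attribute as-is.
function generator_tag_unescaped(string $version): string {
    return '<meta name="generator" content="WordPress ' . $version . '" />';
}

// Hardened pattern: attribute-escape the value at output time.
// htmlspecialchars() is used here as a stand-in for WordPress's esc_attr().
function generator_tag_escaped(string $version): string {
    $safe = htmlspecialchars($version, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<meta name="generator" content="WordPress ' . $safe . '" />';
}

// Check: parse the tag inside a minimal document and confirm that it produced
// exactly one <meta> element, no extra elements, and a content attribute that
// round-trips the raw version string.
function tag_is_contained(string $tag, string $version): bool {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate malformed markup silently
    $doc->loadHTML('<html><head>' . $tag . '</head><body></body></html>');
    libxml_clear_errors();

    $metas = $doc->getElementsByTagName('meta');
    $total = $doc->getElementsByTagName('*')->length; // html, head, meta, body
    if ($metas->length !== 1 || $total !== 4) {
        return false;
    }
    return $metas->item(0)->getAttribute('content') === 'WordPress ' . $version;
}

// Constructed inputs: a normal version string and one carrying markup characters.
$samples = ['4.9.4', '4.9.4"><b>marker</b>'];

foreach ($samples as $version) {
    printf(
        "%-24s unescaped contained: %-5s escaped contained: %s\n",
        $version,
        var_export(tag_is_contained(generator_tag_unescaped($version), $version), true),
        var_export(tag_is_contained(generator_tag_escaped($version), $version), true)
    );
}
```

The second sample breaks out of the attribute only in the unescaped variant, which is the condition the parse check flags.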