Description
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, which could lead to XSS in a generator tag.
Remediation
References