CVE-2018-10102

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 955,280 bad guys.