CVE-2020-27356 – Debug Meta Data <= 1.1.2 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2020-27356

The debug-meta-data plugin 1.1.2 for WordPress allows XSS. El plugin debug-meta-data versión 1.1.2 para WordPress, permite un ataque de tipo XSS The Debug Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the a user's user-agent HTTP header value. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/ahmadawais/debug-meta-data/blob/master/changelog.md https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0009/MNDT-2021-0009.md https://wordpress.org/plugins/debug-meta-data/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •