Tag
The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'MWP-Key-Name' HTTP request header, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator visits the plugin's connection management page with debug parameters; this affects all versions up to and including 4.9.31.