Security for everyone

CVE-2019-16332 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Wordpress plugin api-bearer-auth affects v. before 20190907.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one




The api-bearer-auth plugin is a software used in WordPress to provide authentication with bearer tokens for various APIs. It is an open-source plugin that can be used by developers to secure API requests. This plugin is designed to allow users to easily protect their applications from unauthorized access. Its primary function is to authenticate users by validating their bearer tokens. 

However, the plugin has been discovered to have a critical vulnerability known as CVE-2019-16332. This vulnerability was detected in the plugin's swagger-config.yaml.php file, where the server parameter is not correctly filtered, making it possible for an attacker to inject malicious JavaScript code. Such an attack is known as cross-site scripting (XSS) and, if successful, can compromise the entire system, placing crucial data at the mercy of cybercriminals. 

If the CVE-2019-16332 vulnerability is exploited, a malicious actor can take over an authenticated user's account, steal their credentials, and access the sensitive data that the API stores. Additionally, the attacker can leverage the compromised account to launch further attacks on other users in the same system, stealing more valuable data and causing other damages. 

In conclusion, the security of WordPress and its plugins is of utmost importance for website owners. It is crucial to be aware of all potential vulnerabilities and to take preventative measures to avoid any incidences. With the pro features of the platform, website owners and developers can quickly identify and remediate any vulnerabilities in their digital assets. By taking these precautions and utilizing the platform, users can secure their websites and protect them from cyber attacks.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture