CVE-2016-10964

CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.

Source: CVE-2016-10964