Do Phuc

**Name of the Vulnerable Software and Affected Versions** ManageWP Worker versions prior to 4.9.32 **Description** The ManageWP Worker plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin does not properly sanitize input or escape output for values provided in the 'MWP-Key-Name' HTTP request header. Unauthenticated attackers can inject arbitrary web scripts into pages, which then execute when an administrator accesses the plugin's connection management page using debug parameters. **Recommendations** Update the plugin to a version later than 4.9.31.