CVE-2015-9430 (crazy_bone)

The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.
Source: NIST
CVE-2015-9430 (crazy_bone)