WordPress Reflected Cross-Site Scripting

OWASP 2013-A3 OWASP 2017-A7 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-01

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker causes malicious scripts to execute in a website or web application. Old versions of WordPress allowed remote attackers to inject browser-executable code through an HTTP response. Because of this vulnerability, the application fails to properly process code that an attacker inserts as part of a custom URI or HTTP parameters, and the result is a Reflected Cross-Site Scripting attack.
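
The reflection described above, as an added example that is not WordPress code or code from this page: a handler that echoes a query parameter unchanged, beside a version that validates and HTML-encodes it. The parameter name `s`, the function names and the sample inputs are assumptions made for illustration; inside WordPress, the core helpers `esc_html()` and `esc_attr()` fill the encoding role.

```php
<?php
// Added illustration, not WordPress core code. The parameter name "s" and
// both function names are hypothetical.

// Vulnerable: the request value is copied into the response unchanged, so any
// markup it carries is parsed by the browser as part of the page.
function render_results_vulnerable(array $query): string
{
    $term = $query['s'] ?? '';
    return '<h1>Results for ' . $term . '</h1>'
         . '<input type="text" name="s" value="' . $term . '">';
}

// Hardened: check the type, bound the length, then encode for the output
// context. ENT_QUOTES encodes both quote styles, which the attribute needs.
function render_results_hardened(array $query): string
{
    $term = $query['s'] ?? '';
    if (!is_string($term)) {
        $term = '';               // ?s[]=x arrives as an array, not a string
    }
    $term = substr($term, 0, 200);
    // ENT_SUBSTITUTE replaces invalid UTF-8 (including a sequence cut by
    // substr) instead of returning an empty string.
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Results for ' . $safe . '</h1>'
         . '<input type="text" name="s" value="' . $safe . '">';
}

// Constructed sample input standing in for $_GET.
$samples = [
    ['s' => 'hello world'],
    ['s' => '"><script>alert(1)</script>'],
    ['s' => ['nested']],
];

foreach ($samples as $query) {
    if (is_string($query['s'])) {
        echo 'vulnerable: ', render_results_vulnerable($query), "\n";
    }
    echo 'hardened:   ', render_results_hardened($query), "\n\n";
}
```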

Impact

The major impacts include:

  • Execute malicious code.
  • Destabilize the web application.

Mitigation / Precaution
