WordPress Reflected Cross-Site Scripting

OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.7 OWASP PC-C4 CAPEC-591 CWE-79 HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-08 WSTG-INPV-01

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts in a website or web application. Old versions of WordPress allowed remote attackers to inject browser-executable code using an HTTP response. Because of this vulnerability, the application fails to properly process executable code that an attacker inserts as part of a custom URI or HTTP parameters. The result is a Reflected Cross-site Scripting attack.

Impact

The major impacts include:

  • Execution of malicious code.
  • Destabilization of the web application.

Mitigation / Precaution



