WordPress Escape Version in Generator Tag

OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 CWE-79 WSTG-INFO-08

Older versions of WordPress write the version into the generator tag without escaping it securely. The tag fails to properly sanitize the input data, and this vulnerability leads to Cross-Site Scripting. An attacker sends text-based attack scripts to exploit the interpreter in the browser. Cross-Site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts in a website or web application.


The impact includes:

  • Execute malicious code
  • Unstable web application
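
The following Python check is an added example, not WordPress code: it renders a generator tag with and without attribute escaping and audits the result by parsing it back. `html.escape` stands in for the output escaping the description refers to, and the function names and sample values are constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Strict shape expected for the content attribute, e.g. "WordPress 4.9.8".
EXPECTED = re.compile(r"WordPress \d+(\.\d+){1,3}(-[A-Za-z0-9.]+)?")


def render_generator(version, escape=True):
    """Build the generator meta tag; escape=False models the unescaped output."""
    value = html.escape(version, quote=True) if escape else version
    return '<meta name="generator" content="WordPress %s" />' % value


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []        # every start tag seen, in order
        self.generators = []  # decoded content of each generator meta tag

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generators.append(attrs.get("content") or "")


def audit(markup):
    """Return findings for markup that should hold exactly one generator tag."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    findings = []
    extra = [t for t in parser.tags if t != "meta"]
    if extra:
        findings.append("markup broke out of the attribute: " + ", ".join(extra))
    for content in parser.generators:
        if not EXPECTED.fullmatch(content):
            findings.append("unexpected generator value: %r" % content)
    return findings


# Constructed sample values (not taken from any real site).
GOOD = "4.9.8"
BAD = '4.9.8"><b id="probe">'
```

With escaping, the malformed value stays inside the `content` attribute and is reported only as an unexpected version string. Without it, the parser sees an extra element after the meta tag.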

