WordPress Escape Version in Generator Tag

The older versions of WordPress uses unsecured Escape Version in Generator Tag. This tag fails to properly sanitize the input data. This vulnerability will lead to Cross-Site Scripting. An attacker sends text-based attack scripts to exploit the interpreter in the browser. Cross-site Scripting (XSS) is a client-side code injection attack where, an attacker can execute malicious scripts into a website or web application.

Impact

The impact include:-

  • Execute malicious code
  • Unstable web application

Impact and Fixes

Latest Articles