The older versions of WordPress uses unsecured Escape Version in Generator Tag. This tag fails to properly sanitize the input data. This vulnerability will lead to Cross-Site Scripting. An attacker sends text-based attack scripts to exploit the interpreter in the browser. Cross-site Scripting (XSS) is a client-side code injection attack where, an attacker can execute malicious scripts into a website or web application.
The impact include:-