Access Control: Wordpress Wordfence - Cross-Site Scripting¶

Identifier: wordpress_wordfence_waf_bypass_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

WordPress Wordfence is vulnerable to cross-site scripting that can bypass WAF protections, allowing attackers to execute arbitrary scripts.

How we test: We test for XSS vulnerabilities in WordPress Wordfence that can bypass WAF protections by injecting specially crafted payloads and analyzing responses to detect if scripts are executed despite WAF filtering.

Reference:

https://twitter.com/naglinagli/status/1382082473744564226

Configuration¶

Example¶

Example configuration:

---
security_tests:
  wordpress_wordfence_waf_bypass_xss:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.