Skip to content

Access Control: WordPress Wordfence 7.4.6 - Cross0Site Scripting

Identifier: wordpress_wordfence_xss

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting, allowing attackers to execute arbitrary scripts in users' browsers.

How we test: We test for XSS vulnerabilities in WordPress Wordfence by injecting malicious payloads and analyzing responses to detect if scripts are executed in the browser.

Configuration

Example

Example configuration:

---
security_tests:
  wordpress_wordfence_xss:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.