WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress WP Reactions Lite plugin prior to 1.3.6. The vulnerability stems from a failure to properly clean up input on the wp-admin page, which could be exploited by an attacker with sufficient access to inject XSS loads into the /wp-admin/ page to inject XSS loads.