WordPress is a set of blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin Booster for WooCommerce. The vulnerability stems from the program not filtering and escaping the wcj_delete_role parameter before exporting it back to the administration page. An attacker could use this vulnerability to steal cookie-based authentication credentials.