WordPress is a set of blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin Booster for WooCommerce, which stems from the program not filtering and escaping the wcj_notice parameter before outputting it back to the administration page. An attacker could use this vulnerability to steal cookie-based authentication credentials.