WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in the WordPress plugin Site Reviews, which stems from the program’s failure to filter and escape the site-reviews parameter. An attacker could use this vulnerability to steal cookie-based authentication credentials.