WordPress plugin is a WordPress open source application plugin. WordPress plugin HAL has a cross-site scripting vulnerability that originates from several parameters in the ~/wp-hal.php file leading to insufficient input validation and cleanup, which can be exploited by an attacker with administrative user access to inject arbitrary Web scripts.