WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress WPSchoolPress plugin prior to version 2.1.17, which stems from the use of sanitize_text_field () by The School Management System plugin. () that lacks sanitization filters for user-supplied and output data. An attacker could exploit this vulnerability to inject JavaScript and execute a stored XSS attack.