WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a lack of nonce validation via the Krisp_plugin_settings_page function in the ~/crisp.php file, which could be exploited by an attacker to exploit this vulnerability to inject JavaScript and execute a stored XSS attack.