WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin WooCommerce prior to 1.1.10. The vulnerability stems from the fact that the WooCommerce WordPress plugin’s order tracking does not disinfect and escape the file url before outputting it to the administration page. An attacker could use this vulnerability to execute JavaScript code on the client side.