WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WooCommerce Green Wallet Gateway WordPress plugin prior to 1.0.2, which stems from the plugin’s failure to escape the error _envision query parameter is escaped. An attacker could exploit this vulnerability to cause a reflection cross-site scripting vulnerability.