WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WP Responsive Menu plugin prior to 3.1.7.1, which stems from the plugin’s failure to perform CSRF checks in the wpr_live_update AJAX operation, as well as its failure to clean and escape some submitted data. An attacker could exploit this vulnerability to update the plugin’s settings and perform cross-site scripting attacks on all visitors and users on the front-end.