WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions prior to WordPress plugin Donorbox 7.1.7. The vulnerability stems from the fact that the plugin does not clean up and escape its URL settings before outputting them to properties, which can be exploited by attackers to conduct cross-site attacks.