WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerability stems from the plugin’s failure to properly escape the whatX parameter before outputting it back to the property, which can be exploited by attackers to cause reflection cross-site scripting issues.