The End of Cross-Site Scripting: WordPress 5.1.1 Released

Older versions of WordPress make all posts vulnerable to cross-site scripting. But the cross-site scripting vulnerability in WordPress is a thing of the past now since the release of v5.1.1. The WordPress team have introduced several fixes in this new version. But first – What does a cross-site scripting vulnerability actually mean?

Dangers of cross-site scripting

Every website which has comments enabled is in danger of cross-site scripting because of the way comments are stored in the database. An attacker only needs a maliciously-crafted comment, their own website and a tricked WordPress admin. If that particular admin visits the malicious website, a cross-site request forgery (CSRF) exploit will run against the WordPress blog. That CSRF could lead to Remote Code Execution and a full take-over of the WordPress site. And you, the admin, won’t notice anything – until it’s too late.

How WordPress solved cross-site scripting vulnerabilities

WordPress 5.1.1 introduced many fixes and enhancements, but most importantly XSS-related ones. These work with the way comments are filtered. The fastest solution is to disable comments entirely – but who wants to create a non-inclusive space? The other option is to keep your WordPress sites regularly maintained. So we suggest you download the latest WordPress  5.1.1 version to safeguard your business.

Since WordPress is responsible for 30% of all websites, millions of sites are in danger. So if you’re a WordPress administrator, don’t fall victim to cross-site scripting. Also, be careful not to make these common website mistakes .

Perform a security check with WP Toolkit

Did you know that Plesk lets you experience one of the best WordPress Security Solutions? You can secure all your instances, plugins, and themes all from one dashboard. But you can also use WP Toolkit for its many other capabilities that simplify your WordPress admin workload tenfold. All you need is to install the Plesk all-in-one control panel first.

Find out more about the latest Remote WordPress Management release on Plesk WP Toolkit 4.0

Experienced cross-site scripting ? Tell us what you think of the new WordPress solution in the comments below

arrow icon - Plesk


  1. i have issue in this code “alert(“plesk”);” unable to load

Add a Comment

Your email address will not be published. Required fields are marked *


  • Yes, please, I agree to receiving my personal Plesk Newsletter! WebPros International GmbH and other WebPros group companies may store and process the data I provide for the purpose of delivering the newsletter according to the WebPros Privacy Policy. In order to tailor its offerings to me, Plesk may further use additional information like usage and behavior data (Profiling). I can unsubscribe from the newsletter at any time by sending an email to [email protected] or use the unsubscribe link in any of the newsletters.

  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden

Related Posts

Knowledge Base

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.