WordPress Security: OWASP 2017 – A4 XML External Entities (XXE)

XXE attacks exploit XML processors by getting them to process malicious XML files that contain external entity references. Attackers can exploit this when a web-based application allows its users to upload XML files.

WordPress inherently disables custom XML loading. This prevents External Entity and Entity Expansion attacks.
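For plugin or theme code that parses uploaded XML itself, the following added example (not WordPress core code and not from the original post) shows one way to get the same protection with PHP's DOM extension. The helper name `parse_untrusted_xml()` and the sample documents are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not part of WordPress.
// Parses untrusted XML with external entities off and rejects any DOCTYPE.
function parse_untrusted_xml(string $xml): DOMDocument
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty XML');
    }
    // PHP < 8.0: turn the external entity loader off explicitly. The call is
    // deprecated in PHP 8, where libxml >= 2.9 keeps it off by default.
    $legacy = PHP_VERSION_ID < 80000;
    $previous = $legacy ? libxml_disable_entity_loader(true) : null;
    $useErrors = libxml_use_internal_errors(true);

    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches. LIBXML_NOENT and LIBXML_DTDLOAD are
    // deliberately not passed: they enable entity substitution and DTD loading.
    $loaded = $doc->loadXML($xml, LIBXML_NONET);

    libxml_clear_errors();
    libxml_use_internal_errors($useErrors);
    if ($legacy) {
        libxml_disable_entity_loader($previous);
    }
    if (!$loaded) {
        throw new InvalidArgumentException('Malformed XML');
    }
    // A DOCTYPE is where entities are declared; refusing it covers both
    // External Entity and Entity Expansion input.
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE not allowed');
        }
    }
    return $doc;
}

// Constructed sample inputs: one plain document, one declaring an entity.
$samples = [
    'plain'   => '<?xml version="1.0"?><feed><title>Hello</title></feed>',
    'doctype' => '<?xml version="1.0"?><!DOCTYPE feed [<!ENTITY greeting "hi">]><feed><title>&greeting;</title></feed>',
];
foreach ($samples as $name => $xml) {
    try {
        $doc = parse_untrusted_xml($xml);
        echo "$name: accepted, root <{$doc->documentElement->nodeName}>\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```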

Reference:

OWASP 2017: XML External Entities
