The PHP application running on the remote web server is affected by multiple cross-site scripting vulnerabilities.
According to its version number, the WordPress application running on the remote web server is either version 3.7.x prior to 3.7.8, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.6, 4.1.x prior to 4.1.5, or 4.2.x prior to 4.2.2. It is, therefore, potentially affected by multiple cross-site scripting vulnerabilities : - An HTML file in the Genericons icon font package is vulnerable to a cross-site scripting attack. This package is used in various themes and plugins. - A cross-site scripting vulnerability exists that was only partially fixed in the 4.2.1 release. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Upgrade to WordPress 3.7.8 / 3.8.8 / 3.9.6 / 4.1.5 / 4.2.2 or later.