Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. If your theme or plugins process XML/XSLT, ensure user input is never incorporated into stylesheets.

  2. Use SimpleXML or DOMDocument with entity loading disabled:

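    // Deprecated since PHP 8.0, which requires libxml 2.9.0+ where external entity loading is already off by default.
    if (PHP_VERSION_ID < 80000) { libxml_disable_entity_loader(true); }
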
  3. Install a WAF plugin (e.g., Wordfence) to detect and block XSLT injection attempts.
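
Steps 1 and 2 combined, as an added example that is not part of the original page: the stylesheet is a fixed constant, user text enters only as an XSLT parameter, and user XML is parsed by DOMDocument without entity substitution. The names `render_user_xml`, `FIXED_XSL` and `heading`, and the sample input, are assumptions for illustration.

```php
<?php
// Added example; render_user_xml(), FIXED_XSL and the "heading" parameter are hypothetical names.
// The stylesheet is a constant owned by the plugin: request data never becomes part of it.
const FIXED_XSL = <<<'XSL'
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html"/>
  <xsl:param name="heading"/>
  <xsl:template match="/items">
    <h2><xsl:value-of select="$heading"/></h2>
    <ul><xsl:for-each select="item"><li><xsl:value-of select="."/></li></xsl:for-each></ul>
  </xsl:template>
</xsl:stylesheet>
XSL;

function render_user_xml(string $userXml, string $heading): string
{
    $xml = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT and LIBXML_DTDLOAD are deliberately not set.
    if (!$xml->loadXML($userXml, LIBXML_NONET)) {
        throw new InvalidArgumentException('Malformed XML');
    }
    // Reject any document that carries a DTD, so no declared entity reaches the transform.
    if ($xml->doctype !== null) {
        throw new InvalidArgumentException('DOCTYPE is not allowed');
    }
    $xsl = new DOMDocument();
    $xsl->loadXML(FIXED_XSL, LIBXML_NONET);

    $proc = new XSLTProcessor();
    // Deny file and network access from inside the transform.
    $proc->setSecurityPrefs(XSL_SECPREF_READ_FILE | XSL_SECPREF_WRITE_FILE
        | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_READ_NETWORK | XSL_SECPREF_WRITE_NETWORK);
    // registerPHPFunctions() is never called, so php:function() stays unavailable to the stylesheet.
    $proc->importStylesheet($xsl);
    // User text is bound as a parameter value (data), not concatenated into stylesheet markup.
    $proc->setParameter('', 'heading', $heading);

    $out = $proc->transformToXml($xml);
    if ($out === false) {
        throw new RuntimeException('Transform failed');
    }
    return $out;
}

// Constructed sample input: markup in the heading is escaped in the output, not interpreted as XSLT.
echo render_user_xml('<items><item>a</item><item>b</item></items>', '<xsl:value-of select="x"/>');
```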