XML External Entity (XXE)
An attack that exploits XML parsers to read local files, perform SSRF, or cause denial of service.
How it works
An attack that exploits XML parsers to read local files, perform SSRF, or cause denial of service.
In WordPress
WordPress XML-RPC and import features can be vulnerable. Disable external entity loading with libxml_disable_entity_loader().
Related terms
WP HealthKit checks for XML External Entity (XXE)-related vulnerabilities automatically
Run a Free Audit