WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress Plugins is a WordPress open source application plugin. WordPress Plugins suffers from a cross-site scripting vulnerability that stems from insufficient cleanup of user-supplied data in the Popup Anything plugin. An authenticated remote attacker could inject and execute arbitrary HTML and script code in the user’s browser in the context of a vulnerable website. The vulnerability can be exploited by remote attackers to execute cross-site scripting (XSS) attacks.