WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress Compact WP Audio Player plugin in versions prior to 1.9.7, which stems from the fact that the web application does not adequately verify that the request is from a trusted user. An attacker could use a CSRF attack to cause the login administrator to change the “Disable Sync Play” setting.