WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Podcast Subscribe Buttons plugin in versions prior to 1.4.2, which stems from a lack of checksum filtering of user-supplied data and output data at the plugin’s edit or add posts. An attacker could exploit this vulnerability to inject JavaScript and execute a stored XSS attack.