WordPress is a blogging platform developed by the WordPress (Wordpress) Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System Plugin for WordPress plugin prior to version 4.21.1, which stems from the plugin generating links for editing The vulnerability is caused by a reflection-based cross-site scripting issue when the plugin does not properly filter, validate, or encode query strings when generating links for editing a user’s own profile. No details of the vulnerability are currently available.