WordPress is the WordPress (Wordpress) Foundation’s set of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in the Page View Count plugin for WordPress prior to 2.4.9, which fails to escape the postid parameter of the pvc_stats shortcode, allowing users down to the Contributor role to perform stored XSS attack. No details of the vulnerability are currently available.