WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Visual CSS Style Editor plugin in versions prior to 7.5.4 has a cross-site scripting vulnerability that stems from not cleaning up and escaping the wyp_page_type parameter. An attacker could use this vulnerability to execute JavaScript code on the client side.