WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress LoginPress Plugin prior to 1.5.12. The vulnerability stems from the plugin’s failure to escape redirect page parameters before outputting them back to the property, which can be exploited to execute JavaScript code on the client side .