WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions prior to WordPress Custom Font Uploader plugin 6.2.1, which stems from the lack of cleanup and escaping of submitted data on the back end. An attacker could exploit this vulnerability to execute JavaScript code on the client side.