WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for WordPress, which stems from the ewd_ufaq_welcome_add_FAQ and ewd_ufaq_welcome_add_FAQ_ pages There is no functionality and CSRF checking in AJAX operations. An attacker could use this vulnerability to delete arbitrary posts.