WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress OnePress Social Locker plugin version 5.6.2 and prior versions are vulnerable to cross-site request forgery, which stems from a failure to perform CSRF check when updating its settings. An attacker could exploit this vulnerability to allow an attacker to make logged-in administrators change them via a CSRF attack.