WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress postTabs plugin version 2.10.6 and earlier versions are vulnerable to cross-site request forgery, which stems from the plugin’s failure to perform CSRF checks when updating its settings. An attacker could use this vulnerability to cause the logged-in administrator to change its configuration via a CSRF attack.