WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Quick Subscribe plugin version 1.7.1 and earlier versions are vulnerable to cross-site request forgery, which stems from a lack of CSRF checks. An attacker could exploit this vulnerability to make logged-in administrators change them via a CSRF attack.