WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Shortcodes and extra features for Phlox plugin versions prior to 2.9.8 contain a cross-site scripting vulnerability that stems from a failure to clean and escape parameters before they are output back to the response. The vulnerability is caused by a failure to clean and escape parameters before exporting them back to the response, which can be exploited to perform cross-site scripting attacks.