WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Simple Membership plugin prior to 4.1.1, which stems from not properly cleaning and escaping parameters before exporting them back to AJAX operations. parameters before outputting them back to the AJAX operation. An attacker could exploit this vulnerability to execute JavaScript code on the client side.