WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Limit Login Attempts plugin prior to 4.0.72 have a cross-site scripting vulnerability that stems from the plugin not cleaning and escaping some of its settings. An attacker with high privileges, such as an administrator, could exploit this vulnerability to execute JavaScript code on the client side.