WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress Newsletter plugin prior to 7.4.6. The vulnerability stems from a failure to escape and clean up the preheader_text setting, a high privilege An attacker could exploit this vulnerability to execute a stored cross-site scripting attack when unfilteredhtml is disabled.