WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Ocean Extra plugin 1.9.5, which stems from the plugin’s failure to escape generated links. An attacker could exploit this vulnerability to execute JavaScript code on the client side.