WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior to 1.1.2, which stems from a failure to escape parameters before outputting them back to properties that hide the input. An attacker could exploit this vulnerability to execute JavaScript code on the client side.