WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress Ninja Forms Contact Form plugin prior to version 3.6.10, which stems from a failure to sort and escape some imported data. An attacker could exploit this vulnerability to perform cross-site scripting attacks.