WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. versions prior to WordPress plugin CDI 5.1.9 contain a cross-site scripting vulnerability that stems from the plugin’s failure to clean up and escape parameters before outputting them back to the response of an AJAX operation, which could be exploited by attackers to perform cross-site scripting attacks. exploit this vulnerability to perform cross-site scripting attacks.