WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of WordPress prior to WP Statistics 13.2.2, which stems from the plugin’s failure to clean the REQUEST_URI parameter before outputting it back to the rendered page. The vulnerability can be exploited by attackers to cause cross-site scripting (XSS) in web browsers with unencoded characters.