WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin 3.3.12 and earlier versions have a cross-site scripting vulnerability that vulnerability stems from the program not properly filtering the filename parameter in the ~/includs/ajax/controller/uploads.php file. An attacker could use this vulnerability to add malicious web scripts.