WordPress is a blogging platform developed using the PHP language. WordPress plugin Countdown & Clock version 2.3.2 and previous versions have a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting attacks.