WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WP Affiliate Platform 6.3.9 and previous versions have a cross-site scripting vulnerability that stems from inadequate input cleanup and output escaping, which can be exploited by an authenticated attacker to inject cross-site code and launch XSS attacks.