WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WP Affiliate Platform 6.3.9 and previous versions are vulnerable to a cross-site scripting vulnerability caused by insufficient cleanup and output escaping of the $_SERVER[ REQUEST_URI ] parameter, which could be exploited to inject cross-site code and launch an XSS attack.