WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Backup Scheduler 1.5.13 and earlier versions contain a cross-site request forgery vulnerability, which stems from a WEB application that does not adequately verify that requests are coming from trusted users. An attacker could exploit the vulnerability to spoof malicious requests to trick victims into clicking through to perform sensitive actions.