WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in WordPress CPO Shortcodes plugin 1.5.0 and prior versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data, which can be exploited by attackers to launch cross-site scripting attacks.