WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Generate PDF 3.6. The vulnerability stems from the fact that cleanup and escaping are not set for it, and a highly privileged attacker such as an administrator can use the vulnerability to launch a cross-site scripting attack.