WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress SVG Support prior to 2.5. The vulnerability stems from the inability to properly handle SVGs added via URLs, and can be exploited by attackers to launch cross-site scripting attacks.