WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site request forgery vulnerability exists in versions of WordPress WPQA Builder prior to 5.9. The vulnerability stems from the lack of cross-site request forgery checks when tracking and untracking users. An attacker could use the vulnerability to launch a CSRF attack.