WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. cross-site scripting vulnerability exists in versions of the WordPress ARI Fancy Lightbox plugin prior to 1.3.9, which stems from a vulnerability in the ARI Fancy Lightbox plugin fails to clean and escape msg parameters before exporting them to the admin page, which can be exploited by attackers to cause reflected cross-site scripting.