WordPress plugin is a WordPress open source application plugin. WordPress Customize Login Image Plugin version 3.4 contains a cross-site scripting vulnerability that can be exploited by attackers to cause arbitrary code (JavaScript) to run when a user’s browser connects to a trusted website.