WordPress is a blogging platform from the WordPress Foundation, developed in PHP. Versions of the WordPress Modal Window plugin prior to 5.2.2 are vulnerable to cross-site request forgery. The vulnerability stems from the plugin’s failure to effectively filter calls to remote file resources in the wow-company administration menu page, which can be exploited to include arbitrary files with a PHP extension and execute arbitrary code.
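
The sketch below is an added example of how an administration menu page can close both halves of this class of flaw. It is not the plugin's code or its 5.2.2 fix. The `example_` names, the `tab` parameter, the nonce action and the view file paths are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Everything prefixed "example_" and
// the "tab" request parameter are hypothetical.

// Permitted view names mapped to files shipped with the plugin (constructed).
const EXAMPLE_VIEWS = [
    'settings' => 'views/settings.php',
    'support'  => 'views/support.php',
];

// Pure lookup: returns the file for a requested view, or null. The request
// value is only ever used as an array key, never as part of a path or URL.
function example_resolve_view(string $requested, string $base_dir): ?string
{
    if (!array_key_exists($requested, EXAMPLE_VIEWS)) {
        return null;
    }
    return rtrim($base_dir, '/') . '/' . EXAMPLE_VIEWS[$requested];
}

// Admin menu page callback (runs inside WordPress).
function example_render_admin_page(): void
{
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }
    $tab = 'settings';
    if (isset($_GET['tab'])) {
        // A non-default view must carry a valid nonce, so a forged
        // cross-site request cannot steer what the page loads.
        check_admin_referer('example_admin_view');
        $tab = sanitize_key(wp_unslash($_GET['tab']));
    }
    $file = example_resolve_view($tab, __DIR__);
    if ($file === null) {
        wp_die('Unknown view.');
    }
    require $file;
}

// Stand-alone check of the lookup with constructed inputs (CLI only).
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    var_dump(example_resolve_view('settings', '/plugin'));
    var_dump(example_resolve_view('http://example.invalid/x', '/plugin'));
    var_dump(example_resolve_view('../../wp-config', '/plugin'));
}
```

The nonce check stops a request the administrator did not initiate, and the allowlist ensures that even an authenticated request can only load files the plugin itself ships.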