WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The WordPress WP Coder plugin has a file inclusion vulnerability in versions prior to 2.5.2, which stems from the fact that the wow-company administration menu page does not effectively filter calls to remote file resources, and can be exploited to include arbitrary files with PHP extensions to execute arbitrary code.