WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Simple Membership plugin prior to 4.0.9. The vulnerability stems from the fact that the Simple Membership plugin does not have CSRF checks when deleting members in bulk, and an attacker could exploit this vulnerability to by launching a CSRF attack.