WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerabilities exist in versions of the WordPress plugin Five Star Business Profile and Schema prior to 2.1.7, which stem from the plugin’s lack of any authorization and cross-site request forged token checks in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX operations without any authorization and cross-site request forged token checks, allowing any authenticated user (such as a subscriber) to invoke them. In addition, the lack of filtering and escaping can lead to stored cross-site scripting issues. No detailed vulnerability details are currently available.