WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Ultimate Member plugin version 2.3.2 and earlier versions contain a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping. An attacker could exploit this vulnerability to encode malicious Web scripts using HTML coding and reflect them on the page.