WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Member Hero plugin version 1.0.9 and earlier versions are vulnerable to code injection, which stems from not validating request parameters in AJAX operations. An attacker can use this vulnerability to invoke arbitrary PHP functions without parameters.