WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress One Click Plugin Updater plugin version 2.4.14 and earlier is vulnerable to cross-site request forgery, which stems from the plugin’s failure to perform CSRF check when updating its settings. An attacker could use this vulnerability to cause the logged-in administrator to change its configuration and disable/hide the flagging of available updates and related checks.