WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Malware Scanner plugin versions prior to 4.5.2 have a cross-site scripting vulnerability that stems from the plugin not cleaning up and escaping some of its settings, which could be exploited by a highly privileged attacker such as an administrator to execute JavaScript code on the client side. The vulnerability can be exploited to execute JavaScript code on the client side.