WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress My Private Site plugin version 3.0.8 or earlier is vulnerable to cross-site request forgery, which stems from a CSRF check that is not performed when the plugin updates its settings. This vulnerability allows logged-in administrators to change the configuration through a CSRF attack.