WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress MyCSS plugin 1.1 and earlier versions are vulnerable to cross-site request forgery, which stems from a CSRF check that is not performed when updating its settings, and can be exploited by attackers to attack via CSRF Let the logged-in administrator change the configuration.