WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress New User Approve plugin versions prior to 2.4 are vulnerable to cross-site request forgery, which stems from a CSRF check that is not performed when the plugin updates its settings and adds an invitation code. An attacker could exploit this vulnerability to add an invitation code (used to bypass the restrictions provided) and change the plugin settings to a specially crafted website by tricking the admin user into visiting.