WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress plugin prior to Google Authenticator 1.0.8, which stems from the plugin’s failure to filter or escape certain settings. An attacker could exploit this vulnerability to perform cross-site scripting attacks when unfiltered_html is disabled.