WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Site Offline or Coming Soon plugin version 1.6.6 and earlier are vulnerable to cross-site request forgery due to a failure to perform CSRF checks are not performed when updating its settings, and there is a lack of cleanup and escaping. An attacker could use this vulnerability to cause the logged-in administrator to make changes and place a cross-site script payload via a CSRF attack.