WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Tiny Contact Form plugin version 0.7 and earlier is vulnerable to cross-site request forgery, which stems from the plugin’s failure to perform CSRF checks when updating its settings. An attacker could use this vulnerability to make changes to the logged-in administrator via a CSRF attack.