WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPlite plugin 1.3.1 and earlier versions are vulnerable to cross-site request forgery, which stems from a failure to perform CSRF checks when updating its settings, and can be exploited by attackers to CSRF attack to allow the logged-in administrator to change the configuration.