WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress LifterLMS PayPal plugin prior to 1.4.0, which stems from the plugin’s failure to clean up and escape them before exporting them back to the page. An attacker could use this vulnerability to execute JavaScript code on the client side.