WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress plugin Simple Post Notes prior to 1.7.6 are vulnerable to a cross-site scripting vulnerability that stems from the plugin’s failure to clean up and escape certain of its settings, which could be exploited by attackers to perform cross-site scripting attacks. vulnerability can be exploited to perform cross-site scripting attacks.