WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site request forgery vulnerability exists in versions of WordPress Database Backup plugin prior to 2.5.2, which stems from a cross-site request forgery check not being performed when updating scheduled backup settings. An attacker could use this vulnerability to get the logged-in administrator to change the configuration via a CSRF attack.