WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Cozmoslabs Profile Builder plugin 3.6.1 and earlier versions have a cross-site scripting vulnerability that originates in the ~/assets/misc/fallback-page.php file site_url parameter is not sufficiently escaped and cleaned up. An attacker could exploit this vulnerability to execute JavaScript code on the client side.