WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress Photo Gallery plugin prior to 1.6.4, which stems from a failure to properly validate and escape certain of its settings. An attacker could exploit this vulnerability to execute JavaScript code on the client side.