WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site request forgery vulnerability exists in Wordpress Orange Form Plugin 1.0.1 and prior versions, which stems from the plugin’s failure to perform any authorization and CSRF checks in all of its AJAX calls. An attacker could use this vulnerability to delete arbitrary posts.