WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to clean and escape the id parameter before outputting it back to the property, which could be exploited by an attacker to Execute JavaScript code.