WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site request forgery vulnerability exists in versions of WordPress WP Fluent Forms plugin prior to 3.6.67. The vulnerability stems from a missing random number check in the access control feature that manages AJAX operations, which can be exploited by an attacker to cause stored cross-site scripting and a limited privilege elevation.