WordPress is a blogging platform developed using the PHP language. WordPress plugin Thank Me Later 3.3.4 and previous versions have a cross-site scripting vulnerability that stems from the plugin’s failure to clean up and escape message subject fields before they are exported to the message list, which can be exploited by attackers to perform cross-site scripting attacks.