WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which stems from a cross-site request forgery in the FPD_Admin_Import class. The vulnerability can be exploited to upload malicious files to gain webshell access to the server.