WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Analytics for WP plugin 1.5.1 and earlier versions contain a cross-site scripting vulnerability that stems from the failure to clean and escape certain settings, including the disabled unfiltered_html feature, which could be exploited by a highly privileged attacker such as an administrator to launch a stored cross-site scripting attack. An attacker with high privileges, such as an administrator, could use the vulnerability to launch a stored cross-site scripting attack.