WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin, and a SQL injection vulnerability exists in versions of the WordPress OWM Weather plugin prior to 5.6.9. The vulnerability stems from not properly cleaning and escaping parameters before using them in SQL statements, and can be exploited by low privilege attackers to launch SQL injection attacks .