WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress My wpdb plugin versions prior to 2.5 are vulnerable to cross-site request forgery, which stems from a lack of CSRF checks when running SQL queries, and can be exploited to allow a logged-in administrator to execute arbitrary SQL queries.