WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Taskbuilder plugin versions prior to 1.0.8 have a cross-site scripting vulnerability that stems from its unauthenticated and clean task attachments, which can be exploited by an authenticated attacker (such as a subscriber) to create tasks that execute stored cross-site scripting by attaching malicious SVG file to execute stored cross-site scripting.