WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. A WordPress plugin is an application plug-in. A cross-site scripting (XSS) vulnerability exists in WordPress Donation Thermometer versions prior to 2.1.3. The vulnerability stems from certain settings not being sanitized and escaped: even when the unfiltered_html capability is disabled, a highly privileged attacker such as an administrator can use the vulnerability to inject script and launch XSS attacks.
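The fix pattern for this class of bug, as an added example that is not the Donation Thermometer plugin's own code: a plugin setting is sanitized when saved and escaped for its output context when rendered. The option name `example_thermo_options`, its keys and the `example_thermo` shortcode are hypothetical.

```php
<?php
// Added example for a hypothetical plugin; option name, keys and shortcode are assumptions.
defined( 'ABSPATH' ) || exit;

// Vulnerable pattern (kept as comments): no sanitize callback, raw echo of stored values.
//   register_setting( 'example_thermo', 'example_thermo_options' );
//   echo '<div style="color:' . $opts['fill_colour'] . '">' . $opts['currency'] . '</div>';

// Hardened, step 1: sanitize every field when the settings form is saved.
add_action( 'admin_init', function () {
    register_setting( 'example_thermo', 'example_thermo_options', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_thermo_sanitize',
    ) );
} );

function example_thermo_sanitize( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();
    // Colour must parse as a hex colour; anything else falls back to a default.
    $colour               = sanitize_hex_color( $input['fill_colour'] ?? '' );
    $clean['fill_colour'] = $colour ? $colour : '#d7191c';
    // Plain-text field: tags are stripped no matter which role submits the form.
    $clean['currency'] = sanitize_text_field( $input['currency'] ?? '' );
    // Field that may carry markup: raw HTML is kept only for users who hold
    // the unfiltered_html capability; everyone else gets the post allow-list.
    $note          = (string) ( $input['note'] ?? '' );
    $clean['note'] = current_user_can( 'unfiltered_html' ) ? $note : wp_kses_post( $note );
    return $clean;
}

// Hardened, step 2: escape each value for the context it is printed into.
function example_thermo_render() {
    $opts = wp_parse_args( get_option( 'example_thermo_options', array() ), array(
        'fill_colour' => '#d7191c',
        'currency'    => '',
        'note'        => '',
    ) );
    return sprintf(
        '<div class="example-thermo" style="color:%s"><span>%s</span>%s</div>',
        esc_attr( $opts['fill_colour'] ), // attribute context
        esc_html( $opts['currency'] ),    // text-node context
        $opts['note']                     // already filtered at save time per capability
    );
}
add_shortcode( 'example_thermo', 'example_thermo_render' );
```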