WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Scripts Organizer versions prior to 3.0 are vulnerable to arbitrary file uploads, which stem from a lack of validation of uploaded files in the action parameter of wp-admin/admin-ajax.php. An attacker could exploit the vulnerability to upload malicious files to remotely execute arbitrary code.