WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress Simple File List prior to 4.4.12, which stems from exporting parameters and returning attributes without escaping them. An attacker could use the vulnerability to launch a reflective cross-site scripting attack.