WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. Cross-site scripting vulnerability exists in versions of WordPress File Upload plugin prior to 4.16.3, which stems from the plugin allowing users with permissions as low as Contributor The vulnerability is caused by the plugin allowing users with permissions as low as Contributor to upload SVG files, which can be exploited by attackers to perform cross-site scripting attacks.