WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin WP Shopping Pages version 1.14 and earlier versions, which stems from the absence of CSRF checking in certain places and a lack of cleanup and escaping. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a crafted payload.