WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress Turn off all comments plugin, which stems from a failure to clean and escape rows parameters before outputting them back to the admin page, and can be exploited to execute JavaScript code on the client side .