WordPress is a free and open source content management. The application is built around PHP and MySQL. The main feature of WordPress includes a template system and plugin architecture. The primary users of WordPress include blogging, basic mailing list, forums, online store and many more. More than 60 million websites are using WordPress. WordPress is also used in other fields like PDS(Pervasive Display System).
The WordPress plugin is used to add features into the WordPress site. The plugins are available at https://wordpress.com/plugins. The main difference between a WordPress plugin and a WordPress theme is that the plugin controls the behaviour and features of WordPress, while themes control the presentation. A vulnerable plugin can compromise the application to attacks like XSS, SQL injection and many more. Plugins like buddyboss-media, nlinks and many more are vulnerable to attacks like stored XSS, authenticated SQL injection and many more.
The impact include:-