The FooBox plugin for WordPress, which is used to create lightbox and modal popups, has a security vulnerability that can be exploited by attackers. This vulnerability, known as DOM-based Stored Cross-Site Scripting, allows attackers to insert harmful code into web pages that will run whenever a user accesses that page. This can only be done by authenticated attackers with contributor-level access or higher.