The Master Addons plugin for WordPress has a security issue that can allow hackers to inject harmful code into websites. This can happen because the plugin does not properly clean up the code that is entered into the ‘url’ section. This means that attackers who have certain permissions can add code to a page that will run whenever someone visits that page.