The FooBox plugin for WordPress, called the Lightbox & Modal Popup WordPress Plugin, has a security vulnerability in all versions up to 2.7.27. This vulnerability allows attackers with administrator-level permissions to inject harmful web scripts into pages, which will be executed when a user visits the affected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.