The Quick Paypal Payments plugin for WordPress is not secure in versions up to 5.7.25. This means that someone with administrative-level access on a multi-site installation or one where unfiltered_html is disabled can inject certain words and phrases into the settings. When a user accesses the page that has been injected with these words and phrases