A popular plugin for WordPress called APIExperts Square for WooCommerce has a security issue that allows attackers to inject harmful code into web pages. This can happen when a user visits a page that has been injected. The vulnerability has been found in versions up to 4.2.9.