A plugin called SKT Templates, used for designing websites on WordPress, has a security issue called Reflected Cross-Site Scripting in versions up to 6.14. This means that if someone without access to the website tricks a user into clicking on a link, they can inject harmful code into the website.