A popular plugin for WordPress called “Helpie WordPress FAQ Accordion” has a security vulnerability that can allow hackers to inject harmful code into certain pages. This can only happen on sites with multiple installations or those where a certain security setting is turned off. The vulnerability has been found in all versions up to 1.27.