A plugin called “Shared Files” used for uploading and sharing files on WordPress websites has a security issue. This means that hackers can insert harmful code into the plugin, allowing them to access and control the website. This can happen when a user uploads an HTML file, and the plugin does not properly check and clean the code. This vulnerability affects all versions up to 1.7.48, making it possible for hackers to attack even if they are not logged in.