The Popup Maker plugin for WordPress, which is used for creating popups for opt-ins and lead generation, has a security vulnerability. This means that hackers with certain permissions can insert harmful code into pop-up pages, which will then be executed when a user opens the page. This vulnerability exists in all versions of the plugin up to 1.18.2.