The FooBox plugin for WordPress, called “Lightbox & Modal Popup,” has a security issue where attackers with certain access levels can inject harmful code into web pages that use the plugin. This can happen because the plugin does not properly clean up or filter out dangerous code from the image descriptions.