A plugin called Ivory Search, used for WordPress websites, has a security issue that allows attackers to insert harmful code into certain pages. This can only happen on websites that have multiple sites or have disabled a certain security feature. If an attacker has high-level access, they can exploit this vulnerability.