The Final Tiles Grid plugin for WordPress, which creates photo galleries, has a security issue that allows attackers to inject malicious code into pages. This can be done by adding a CSS class in the plugin’s settings. This could affect any user who views the page, and the attacker only needs contributor-level access to the site.