A popular plugin for WordPress called “Master Addons” has a security vulnerability that could allow hackers to inject harmful code into web pages. This can happen if the hacker has a certain level of access and clicks on a link within the plugin. This issue affects all versions up to and including 2.0.6.4.