A plugin called Ads.txt & App-ads.txt Manager for WordPress has a security issue that allows attackers to insert harmful code into certain pages. This can only happen if the attacker has high-level access and the plugin is being used on a multi-site or has certain security settings disabled.