The myCred plugin for WordPress has a security issue that allows attackers to inject harmful code into pages. This can happen when a user with contributor-level access or higher adds a specific attribute to the code. This could potentially harm users who access the affected pages.