The Bold Page Builder plugin for WordPress has a security issue that allows hackers to inject harmful code into web pages. This can happen when a user with certain privileges adds a widget with a URL attribute. The vulnerability affects all versions up to 4.8.8 and is caused by a lack of proper input sanitization and output escaping. This means that attackers who are logged in and have contributor-level access or higher can insert their own code into pages, which will then run when someone visits that page.