A popular plugin for WordPress called Media Cloud, which is used to connect Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean, and other services, has a security vulnerability. This vulnerability, known as Stored Cross-Site Scripting, allows attackers with contributor-level access or higher to inject harmful code on pages that will run whenever a user visits that page.