A plugin for WordPress called Yet Another Stars Rating (YASR) had a security issue in versions before 0.9.1. This issue allowed attackers to inject malicious code into the system by using the “set_id” parameter in a function called “”yasr_get_multi_set_values_and_field””.