A popular plugin called YITH WooCommerce Product Add-Ons for WordPress has a security issue that allows hackers to inject their own content. This can happen because the plugin does not check a field properly before letting it be changed. Anyone can do this without being logged in, which means that anyone can add whatever they want to your website.