A plugin called “WP Sessions Time Monitoring Full Automatic” for WordPress has a security issue that allows hackers to inject harmful code into web pages. This can happen if a user is tricked into clicking on a link. It affects versions up to and including 1.1.1.