A popular plugin for WordPress called “Post Slider and Post Carousel with Post Vertical Scrolling Widget” has a security vulnerability. This means that attackers with high-level access to the website can insert harmful code into certain pages, which will then run when someone visits those pages. The vulnerability exists in all versions up to and including 3.2.9, and only affects multi-site installations or those with a certain setting disabled.