A popular plugin for WordPress called “WP Mobile Menu” has a security flaw that allows hackers to add harmful code to website pages. This can happen if the hacker has author access or higher. The plugin is vulnerable in all versions up to 2.8.4.2 because it doesn’t properly clean up input and output data.