A popular plugin for WordPress called Blockspare has a security issue that can allow attackers to inject harmful code into certain pages. This can happen if the attacker has contributor-level access or higher. The issue is present in versions up to 3.2.4 and is caused by not properly filtering and protecting input and output.