An advisory has been issued about a high-severity WordPress vulnerability that makes it possible for attackers to inject arbitrary shortcodes into sites using the WordPress Popular Posts plugin.