WP-Syntax is the most popular WordPress plugin for clean syntax highlighting of source code embedded in pages or posts. It uses a library called GeSHi, which implements all the functionality for processing each language's syntax into HTML code.
The vulnerability in this plugin is that a script can run outside the context of WordPress. Arbitrary code can then be executed successfully through a call to call_user_func_array(). There are also several valid sequences of function calls that allow any code to be executed.
Update the plugin.
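A defender's check for the condition described above, added here as an example (it is not code from the plugin or from the original page): it flags PHP files in a plugin directory that call call_user_func_array() before any WordPress direct-access guard. The `ABSPATH`/`WPINC` guard convention it looks for and the file names in the constructed sample tree are assumptions of the example.

```python
import re
import tempfile
from pathlib import Path

# Standard WordPress direct-access guard, e.g. if (!defined('ABSPATH')) exit;
GUARD = re.compile(r"defined\s*\(\s*['\"](?:ABSPATH|WPINC)['\"]\s*\)")
# Dynamic dispatch: runs whatever callable name the script is handed.
DISPATCH = re.compile(r"\bcall_user_func(?:_array)?\s*\(")
# Heuristic comment stripper (does not understand string literals).
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)


def audit_plugin(root):
    """Return [(relative path, [lines])] for dispatch calls with no guard before them."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(encoding="utf-8", errors="replace")
        # Blank out comments but keep newlines so line numbers stay correct.
        code = COMMENTS.sub(lambda m: "\n" * m.group().count("\n"), source)
        guard = GUARD.search(code)
        lines = sorted({
            code.count("\n", 0, m.start()) + 1
            for m in DISPATCH.finditer(code)
            if guard is None or guard.start() > m.start()
        })
        if lines:
            findings.append((path.relative_to(root).as_posix(), lines))
    return findings


def demo():
    """Audit a constructed plugin tree (hypothetical file names)."""
    sample = {
        "plugin.php": "<?php\nif (!defined('ABSPATH')) { exit; }\n"
                      "call_user_func_array($cb, $args);\n",
        "tools/standalone.php": "<?php\n// defined('ABSPATH') or die();\n"
                                "echo call_user_func_array($cb, $args);\n",
        "lib/util.php": "<?php\nfunction esc($s) { return htmlspecialchars($s); }\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in sample.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit_plugin(tmp)


if __name__ == "__main__":
    print(demo())
```

A file that is flagged is only a candidate for review: the check does not prove that the callable name is attacker-controlled, and a file without a guard may still be protected by web-server rules.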