The Page Builder: Pagelayer WordPress plugin prior to 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.
pagelayer pagelayer
Vulmon