I've encountered a rather worrying issue on our live site where we're using the Achievements plugin. In the "give" screen where there's a prompt saying "Select people to give this Achievement to.", a link has been inserted somehow. Here's the link I'm given if I hover over it:
(see bottom left corner)
I can not confirm that this issue is specific to Achievements, but I have yet to discover any other exploit on our site.
Please reply with your recommended course of action.