The ContestsWP plugin for WordPress, which is used to run contests, raffles, and giveaways, has a security vulnerability. This means that hackers can insert harmful web scripts onto a page if they can trick someone into clicking on a link. It affects versions up to 2.0.6 and can be used by attackers who are not logged in.