The WP Radio plugin for WordPress has a security issue that allows unauthorized changes to be made to the data. This can happen because the plugin doesn’t check for certain permissions when using certain functions. As a result, someone with subscriber access or higher can change settings and even add or remove radio stations. This could potentially lead to a separate issue with Cross-Site Scripting.