The Menu Image, Icons made easy plugin for WordPress is vulnerable to a type of attack called Stored Cross-Site Scripting. This attack can be used by someone with administrator-level permissions or higher and allows them to inject malicious code into pages of the website. This code will then run when someone views the page. This type of attack only affects multi-site installations and installations where a specific type of security feature has been disabled.