The WP Adminify plugin for WordPress is vulnerable to a type of attack called Stored Cross-Site Scripting which affects versions up to, and including, 3.1.5. This type of attack allows someone with administrator-level permissions to inject malicious web scripts into a page. These scripts will then run every time someone visits the page. This attack only affects multi-site installations and installations where a certain security setting, called unfiltered_html, has been disabled.