The Colibri Page Builder plugin for WordPress has a security issue that allows hackers to inject harmful code into websites. This vulnerability is present in all versions of the plugin up to 1.0.276. This can be done by using the plugin’s colibri_video_player feature, which does not properly protect against malicious input from users. This means that attackers with certain levels of access can insert code into pages that will run when someone visits the page.