The Magic Post Thumbnail plugin for WordPress has a security issue in versions up to 3.3.6. If a user clicks on a malicious link, it could allow an attacker to inject malicious web scripts into the page. This is due to the plugin not properly sanitizing input or escaping output.