The StreamWeasels Twitch Integration plugin for WordPress has a security issue that allows malicious code to be injected through the plugin’s sw-twitch-embed feature. This vulnerability affects all versions of the plugin up to and including 1.8.6. This means that attackers with contributor-level access or higher can add harmful code to pages, which will run whenever someone visits that page.