The WP Radio plugin for WordPress has a security issue that allows attackers to inject harmful web scripts into the plugin’s settings. This can be done by anyone with subscriber access or higher, and it can cause these scripts to run whenever a user opens the affected pages.