The All in One Invite Codes plugin for WordPress can put people using it at risk. If they are using versions up to, and including, 1.0.14, attackers may be able to inject malicious web scripts into their WordPress website. These scripts may run in the victims browser, potentially allowing attackers to access their information or take control of their website.