The Greenshift plugin for WordPress, which allows for animations and building blocks on web pages, has a security flaw called Stored Cross-Site Scripting. This means that attackers who have contributor-level access or higher can insert harmful code onto pages, which will run whenever someone visits that page.