The URL Shortify plugin used for WordPress has a security issue called Stored Cross-Site Scripting. This happens in all versions up to 1.10.4 because the plugin does not properly clean up user input and output. This means that someone who has administrator-level access can add harmful scripts to pages that will run whenever someone visits that page. This only affects websites with multiple installations or have disabled the unfiltered_html feature.