The Radio Player plugin for WordPress is not secure and can be hacked through the ‘align’ attribute in the ‘wp:radio-player’ block. This can allow someone with Contributor-level access or higher to put harmful code on pages that will run when a user visits them.