The WP Discord Invite plugin for WordPress is vulnerable to a type of attack called Stored Cross-Site Scripting. This type of attack occurs when a website is not properly protected against malicious code. In this case, all versions of the plugin up to version 2.5.1 are affected because they do not have the necessary safeguards in place to stop attackers from injecting malicious code. This vulnerability is only present in multi-site installations and installations where unfiltered_html has been disabled. Attackers with administrator-level permissions and above can inject web scripts into pages that will execute whenever a user accesses the page. To protect against this type of attack, it is important to ensure that all versions of the WP Discord Invite plugin are up to date and that all websites are properly protected against malicious code.