The Easy Social Feed plugin for WordPress has a security vulnerability that allows attackers to inject harmful web scripts through the ‘fb_appid’ parameter. The vulnerability affects versions up to 6.5.3 and is caused by a lack of proper input sanitization and output escaping. As a result, attackers with contributor-level access or higher can add malicious scripts to pages, and those scripts run whenever someone visits an affected page.
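
The two missing controls named above, input filtering and output escaping, shown as an added example that is not the plugin's own code. It assumes the parameter arrives as a shortcode attribute and that an app ID is digits only; the shortcode tag `demo_feed`, the function names and the markup are hypothetical.

```php
<?php
// Added illustration, NOT Easy Social Feed's code. Only the parameter name
// 'fb_appid' comes from the advisory; the shortcode tag, function names and
// markup below are hypothetical.

// Unsafe pattern (for comparison, never registered): the attribute is
// concatenated into HTML exactly as saved, so whatever a contributor stores
// in the post is emitted to every visitor of the page.
function demo_feed_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'fb_appid' => '' ), $atts, 'demo_feed' );
    return '<div class="demo-feed" data-appid="' . $atts['fb_appid'] . '"></div>';
}

// Input filtering: allow-list the expected shape instead of trying to clean
// bad input. Assumption for this example: an app ID is 1 to 32 digits.
function demo_feed_filter_appid( $raw ) {
    $raw = trim( (string) $raw );
    return preg_match( '/^[0-9]{1,32}$/', $raw ) ? $raw : '';
}

// Hardened handler: validate on input AND escape for the attribute context on
// output, so a later loosening of the validator does not reopen the hole.
function demo_feed_safe( $atts ) {
    $atts  = shortcode_atts( array( 'fb_appid' => '' ), $atts, 'demo_feed' );
    $appid = demo_feed_filter_appid( $atts['fb_appid'] );

    if ( '' === $appid ) {
        return ''; // Invalid or missing ID: render nothing.
    }

    return sprintf(
        '<div class="demo-feed" data-appid="%s"></div>',
        esc_attr( $appid )
    );
}

// Only the hardened handler is wired to the shortcode.
add_shortcode( 'demo_feed', 'demo_feed_safe' );
```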