The WP Adminify plugin for WordPress is not secure in versions 3.1.6 and below. Attackers with administrator-level permissions have the ability to inject malicious web scripts into pages. This then allows the scripts to run whenever a user visits the page. This only happens when multi-site installations or installations where unfiltered_html has been disabled are used.