The FV Flowplayer Video Player plugin for WordPress is a security risk because it contains a vulnerability that can be exploited. Unauthenticated attackers can inject malicious code into web pages, which will run when someone visits the page. Additionally, attackers can update the user meta data to include a malicious string. These actions can be taken without authorization and can cause serious damage.