The Post Snippets plugin for WordPress has a security flaw in versions up to and including 4.0.2. It allows people with administrator-level access to inject malicious scripts into pages. These scripts can execute whenever someone visits the page. This only affects multi-site installations or installations where certain HTML code has been disabled.