The Easy Social Feed plugin for WordPress has a security vulnerability that allows attackers to inject harmful scripts into web pages. The plugin’s shortcodes lack proper input sanitization and output escaping, so the flaw can be exploited by anyone with contributor-level access or higher.
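
The pattern described above, as an added example rather than code from Easy Social Feed: a shortcode handler that returns its attributes unchanged, next to one that sanitizes on input and escapes on output. The tag `example_feed`, its attributes and the text domain are hypothetical, and the code assumes it is loaded inside a WordPress plugin.

```php
<?php
// Added illustration, not Easy Social Feed code. The shortcode tag
// "example_feed", its attributes and the text domain are hypothetical.

// Unsafe pattern (shown for contrast, never registered): attribute values
// typed into post content reach the page markup unchanged.
function example_feed_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'wrapper_class' => '', 'title' => '' ), $atts );
    return '<div class="' . $atts['wrapper_class'] . '"><h3>' . $atts['title'] . '</h3></div>';
}

// Hardened pattern: sanitize each attribute on input, then escape it for the
// exact HTML context it is written into.
function example_feed_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'wrapper_class' => '', 'title' => '', 'link' => '', 'limit' => 5 ),
        $atts,
        'example_feed'
    );

    // Input sanitization: constrain every value to the type it is meant to be.
    $classes = array_filter(
        array_map( 'sanitize_html_class', preg_split( '/\s+/', (string) $atts['wrapper_class'] ) )
    );
    $title = sanitize_text_field( $atts['title'] );
    $link  = esc_url_raw( $atts['link'], array( 'http', 'https' ) ); // other schemes yield ''
    $limit = min( 50, max( 1, absint( $atts['limit'] ) ) );

    // Output escaping: esc_attr() inside attributes, esc_html() for text
    // nodes, esc_url() for href values.
    $html = sprintf(
        '<div class="%s" data-limit="%d">',
        esc_attr( implode( ' ', $classes ) ),
        $limit
    );
    if ( '' !== $title ) {
        $html .= '<h3>' . esc_html( $title ) . '</h3>';
    }
    if ( '' !== $link ) {
        $html .= sprintf(
            '<a href="%s">%s</a>',
            esc_url( $link ),
            esc_html__( 'View feed', 'example-textdomain' )
        );
    }
    return $html . '</div>';
}
add_shortcode( 'example_feed', 'example_feed_safe' );
```

Contributors cannot post unfiltered HTML, so shortcode attributes are the route by which their input reaches the rendered page; that is why the escaping has to live in the handler itself.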