The Restrict plugin for WordPress has a security issue that could allow unauthenticated attackers to inject malicious web scripts into web pages. If a user visits an injected page, the malicious web scripts will run. This security issue affects versions up to, and including, 2.2.4 because of inadequate input sanitization and output escaping.