The WP SPID Italia plugin for WordPress has a security issue where attackers can insert harmful scripts into website pages. This vulnerability affects all versions up to 2.9 and is caused by not properly checking and filtering user input. This means that authenticated attackers with certain levels of access can insert their own code which will run when someone views the affected page.