The Opensea WordPress plugin before version 1.0.3 had a security flaw that allowed people with high levels of access to the website to do something called Cross-Site Scripting. This could be done even if the website had security settings that were meant to stop this from happening. The flaw was in a field called the “”Referer address””. The problem has since been fixed.