This vulnerability allows an attacker to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the “s4w-more” parameter to the smilies4wp.php page to wp-admin/options-general.php.
Update the plugin.