Description The plugin does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks
As an Editor, create/edit a Slider, add a slide and put the following payload in any of the Slider Padding settings (such as Top, Bottom, Left, Right): "onmouseover=alert(/XSS/)
Save and put the Slider Shortcode in a page/post, view it and move the mouse over the generated slides to trigger the XSS