The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.
1) Create a Logo Showcase
2) Set display type to Logo Grid
3) Set number of grid to 1" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)//
NOTE: the 1 is important to avoid zero division error.
NOTE: there are Javascript protections which can be mitigated by intercepting the HTTP request in a tool like OWASP ZAP or Burp.
4) Add the showcase to a post using shortcode