Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
As a contributor, add a shortcode:
```
[jitsi width="700px" height=700px" username='test" onmouseover="alert(1);"' useremail='" style="background-color: pink; height: 500px;"']
```
View the post as an admin and move your mouse over the pink box to trigger the XSS.
Note: Other parameters are also vulnerable.