Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
1. As a contributor, go to "Swift Slider > Add New Slide"
2. In the "Content > Caption Text" add the POC: `[spb_boxed_content element_name="red" title=""test" box_link="red"" box_link_target="self" el_class='red" onmouseover="alert(/XSScontrib5/)"' width='1/1' el_position="first last"]test content[/spb_boxed_content]`
3. When an admin approves the slide, the XSS will be seen.
Note: Other shortcodes throughout the plugin are vulnerable to the same issue.