Description The plugin does not correctly sanitize and escape user-supplied attributes in the ‘spice_post_slider’ shortcode. This oversight could lead to the injection of arbitrary web scripts into pages that will execute whenever accessed by a user.