The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
https://wpscan.com/vulnerability/43581d6b-333a-48d9-a1ae-b9479da8ff87