The Colibri Page Builder plugin for WordPress has a security issue where it can be attacked by malicious code. This can happen when someone with contributor-level access or higher uses the ‘colibri_post_title’ shortcode and adds code to the ‘heading_type’ attribute. This can result in the execution of harmful scripts when a user opens the page.