Multiple add-ons for the website platform WordPress are at risk for a type of cyber attack called Stored Cross-Site Scripting. This is because the add-ons use a library called Magnific Popups (specifically version 1.1.0) which does not properly protect against harmful code that users can input. This means that someone with a certain level of access to the website (contributor or higher) could potentially insert their own malicious code into a page. This code would then be executed whenever someone visits that page, putting them at risk. The developers of Magnific Popups have fixed this issue in the latest version (1.2.0) by disabling certain fields from accepting HTML code by default.
