The Colibri Page Builder plugin for WordPress has a security issue that can affect websites using it. This issue is known as Stored Cross-Site Scripting and it can happen when using the ‘colibri-gallery-slideshow’ feature. This problem is present in all versions up to and including 1.0.272 because the plugin does not properly check for and remove harmful code from user-entered information. This means that someone with contributor-level access or higher could potentially insert harmful code into a page that will run whenever a user visits that page.