Many plugins for WordPress are at risk for a type of cyber attack called Stored Cross-Site Scripting. This is because they use a library called SimpleLightbox (version 2.1.5) that does not properly protect against malicious code. As a result, attackers who have contributor-level access or higher can add harmful scripts to pages that will run whenever someone visits those pages.