The Drop Shadow Boxes plugin for WordPress, which is used to add special boxes to pages and posts, is vulnerable to a type of attack called Stored Cross-Site Scripting. This type of attack involves malicious code being inserted into webpages, which can then be executed whenever the page is accessed. Versions of the plugin up to and including 1.7.13 are vulnerable to this attack because they do not properly sanitize or escape user-supplied data. Any user with contributor-level permissions or higher can take advantage of this vulnerability to inject malicious code into webpages.