The Da Reactions plugin for WordPress has a security issue where it is vulnerable to a type of attack called Stored Cross-Site Scripting. This can happen in versions up to and including 5.1.5 because the plugin does not properly clean and protect the input and output of information. This means that attackers who are logged in with certain levels of access can add harmful code to web pages that will run when someone visits the page.