The Image Slider plugin, used in versions up to 1.1.119, is vulnerable to a type of cyber attack called SQL Injection. This happens because the plugin does not properly filter out malicious code before using it in a database query. As a result, people with access to the plugin can insert additional code into existing queries which could allow them to access sensitive information stored in the database.