The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fbc7abb/