WordPress Captain Slider plugin version 1.0.6 suffers from a stored cross site scripting vulnerability.