Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2).
FearZzZz discovered and reported this Broken Access Control vulnerability in WordPress Image Hover Effects Ultimate Plugin. This vulnerability has been fixed in version 9.7.2.
9.8.4) Admin+ Stored XSS vulnerability
Authenticated Reflected CrossSite Scripting (XSS) vulnerability
Reflected CrossSite Scripting (XSS) vulnerability
Unauthenticated Arbitrary Options Update leading to full website compromise