CVE-2016-10974 (fluid-responsive-slideshow)

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
Source: NIST
CVE-2016-10974 (fluid-responsive-slideshow)