The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue.
The issue was initially fixed in 3.1.4, however re-introduced in 3.2.0.
2021-03-24 (about 1 years ago)
2021-10-20 (about 1 years ago)
2022-04-14 (about 7 months ago)