WP Scan Vulnerability Database has released information about a potential security hole discovered in the popular Royal Slider plugin. The exploit allows a remote attacker to trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in a browser. The plugin developer has indicated that this issue is fixed in Royal Slider version 3.2.7 which is available as an upgrade. The current version as of this post is 3.2.8.
All Cinch customers using licensed versions of the Royal Slider plugin need to take no action: their sites have already been updated and scanned for malware.