Bugfix
- [security] Shortcode parameters that set an element's color, size, id, class or style are now escaped when written into the page, closing a stored cross-site scripting hole where a crafted value could break out of the attribute and run script in a visitor's or an administrator's browser (GHSA-q5fw-vpqc-fgph).