
Hardik Solanki

#47329 of 53,635
5.4 Total CVSS
Vulnerabilities · 1
PT-2021-15915
5.4
2021-06-14
WordPress · Smart Slider 3 · CVE-2021-24382
**Name of the Vulnerable Software and Affected Versions**

Smart Slider 3 versions prior to 3.5.0.9

**Description**

The issue is a Stored Cross-Site Scripting vulnerability. It occurs because the `Project Name` is not properly sanitized before being output back on the page. By default, only administrator users have access to the affected functionality, which limits the potential for exploitation. However, if WordPress administrators allow users with lesser privileges to access the plugin's functionality, it could lead to privilege escalation.

**Recommendations**

For versions prior to 3.5.0.9, update to version 3.5.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to only administrator users to minimize the risk of exploitation.