CVE-2021-24544

Name of the Vulnerable Software and Affected Versions The Responsive WordPress Slider WordPress plugin versions 2.2.0 and earlier

Description The issue allows Cross-Site Scripting payloads to be set in some of the Slider options due to a lack of sanitization and escaping. By default, any authenticated user can create Sliders, which can be changed in the plugin's settings. This enables users with a role as low as subscriber to perform Cross-Site Scripting attacks against logged-in admins viewing the slider list, potentially leading to privilege escalation by creating a rogue admin account.

Recommendations For versions 2.2.0 and earlier, update to a version later than 2.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the Slider options to prevent unauthorized changes. Additionally, restrict the ability for low-role users, such as subscribers, to create Sliders until the issue is resolved.