CVE-2023-49852 – WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability

https://notcve.org/view.php?id=CVE-2023-49852

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a through 1.4. La neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en Vsourz Digital Responsive Slick Slider WordPress permite la inyección de código. Este problema afecta a Responsive Slick Slider WordPress: desde n/a hasta 1.4. The Responsive Slick Slider WordPress plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary content. • https://patchstack.com/database/vulnerability/responsive-slick-slider/wordpress-responsive-slick-slider-wordpress-plugin-1-4-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •