CVE-2021-24544 – Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24544

21 Sep 2021 — The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logge... • https://wpscan.com/vulnerability/4a2dddfc-6ce2-4edd-aaaa-4c130a9356d0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •