CVE-2023-47772: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Slider Revolution WordPress plugin versions up to and including 6.6.14. The vulnerability was identified and reported on November 14, 2023, affecting users with contributor-level access and above (WPScan, Patchstack).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 base score of 5.4 (MEDIUM) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Patchstack assigned a slightly higher CVSS score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability stems from insufficient input sanitization and output escaping (NVD).

The vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the injected page, potentially leading to unauthorized actions, data theft, or manipulation of website content (WPScan).

The vulnerability has been patched in version 6.6.15 of the Slider Revolution plugin. Users are advised to update to this version or later to resolve the security issue (Patchstack).