CVE-2023-49184: 
WordPress vulnerability analysis and mitigation

The CVE-2023-49184 is a Cross-site Scripting (XSS) vulnerability affecting WPDeveloper's Parallax Slider Block WordPress plugin versions through 1.2.4. The vulnerability was discovered and reported by researcher 'emad' on August 29, 2023, and was publicly disclosed on November 29, 2023 (Patchstack).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue due to insufficient input sanitization and output escaping in the plugin. It has received a CVSS v3.1 base score of 5.4 (Medium) according to NIST, while Patchstack rates it at 5.9 (Medium). The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

This vulnerability allows authenticated attackers with author-level access and above to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an injected page, potentially leading to unauthorized actions, data theft, or page manipulation (WPScan).

The vulnerability has been patched in version 1.2.6 of the Parallax Slider Block plugin. Site administrators are advised to update to version 1.2.6 or later to remediate this security issue (Patchstack).