CVE-2023-5362: 
WordPress vulnerability analysis and mitigation

CVE-2023-5362 affects the Carousel, Recent Post Slider and Banner Slider WordPress plugin in versions up to and including 2.0. The vulnerability was discovered and publicly disclosed on October 20, 2023. This security issue impacts WordPress installations using the affected plugin versions, specifically through the 'spice_post_slider' shortcode functionality (NVD, WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue, identified as CWE-79. The flaw stems from insufficient input sanitization and output escaping on user-supplied attributes in the 'spice_post_slider' shortcode. The vulnerability has received a CVSS v3.1 base score of 5.4 (Medium) from NIST and 6.4 (Medium) from Wordfence, indicating a moderate severity level (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page, potentially leading to unauthorized actions or data theft (Wordfence).

The vulnerability has been patched in version 2.1 of the plugin. Site administrators are strongly advised to update to this version or later to protect against this security issue (WPScan).