CVE-2024-8283: 
WordPress vulnerability analysis and mitigation

The Slider by 10Web WordPress plugin before version 1.2.59 contains a stored Cross-Site Scripting (XSS) vulnerability that affects high privilege users such as administrators. The vulnerability exists due to insufficient sanitization and escaping of certain plugin settings, which can be exploited even when the unfiltered_html capability is disallowed, such as in multisite setups (NVD, WPScan).

The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The issue specifically involves the 'link the slide to' field in Slide options, which fails to properly sanitize and escape user input (NVD).

When exploited, this vulnerability allows high-privilege users to perform Stored Cross-Site Scripting attacks. The impact is particularly notable in multisite WordPress installations where even administrators are typically restricted from using unfiltered HTML (WPScan).

Users should upgrade to version 1.2.59 or later of the Slider by 10Web plugin, which contains fixes for this vulnerability (WPScan).