The Simple Nivo Slider plugin for WordPress is a popular component used to create responsive sliders on websites. This vulnerability allows attackers to inject arbitrary web scripts into pages that will execute when accessed by users, potentially leading to malicious content being displayed or even taking control of the website.
You're affected if you use Simple Nivo Slider. Specific version info not stated in the advisory.
To fix this vulnerability, upgrade to Simple Nivo Slider version 1.0.0 or later from the WordPress Plugin Directory:
Alternatively, if you can't upgrade immediately, consider these immediate mitigations:
- Disable the plugin until a patched version is available.
- Use a web application firewall (WAF) or security plugin that can detect and block malicious requests.