The aumsrini Bee Layer Slider plugin versions up to 1.1 suffer from a stored cross-site scripting vulnerability due to improper input neutralization during web page generation. This flaw allows an attacker with low privileges to inject malicious scripts that are stored and later executed in the context of users viewing the affected pages. The vulnerability impacts confidentiality, integrity, and availability to a limited degree, as reflected in the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). No known exploits are reported in the wild, and no patch or official remediation guidance has been provided by the vendor.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of users interacting with the vulnerable plugin, potentially leading to limited disclosure of information, modification of data, or disruption of service. The attack requires user interaction and low privilege, and the scope is changed (S:C) indicating some impact beyond the vulnerable component. However, the overall impact is rated medium.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin version to mitigate risk. Monitoring for updates from the vendor or security advisories is recommended.