The subhansanjaya Carousel Horizontal Posts Content Slider plugin (version ≤ 3.3.2) contains a DOM-based Cross-site Scripting vulnerability due to improper input neutralization during web page generation. This allows an attacker with low privileges and requiring user interaction to execute arbitrary scripts in the context of the affected web application. The CVSS 3.1 base score is 6.5, indicating a medium severity with network attack vector, low attack complexity, and partial impact on confidentiality, integrity, and availability. No patch or official fix information is available, and the product is not a cloud service.

Successful exploitation could allow an attacker to execute arbitrary scripts in the user's browser, potentially leading to partial disclosure of information, modification of data, or disruption of service. The attack requires user interaction and low privileges, limiting the ease of exploitation. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting user input that interacts with the plugin or applying web application firewall rules to detect and block suspicious input patterns related to this vulnerability. Monitor vendor communications for updates on patches or official mitigations.