This vulnerability arises from insufficient input sanitization and output escaping in the Gutentools plugin, specifically within the Post Slider block's block_id attribute. The flaw is exacerbated by a custom unescaping routine that reintroduces hazardous characters, allowing stored XSS attacks. As a result, an attacker with minimal access (Contributor-level) can inject arbitrary scripts that execute each time an unsuspecting user, such as an Administrator, views the compromised page. This type of vulnerability can lead to various malicious outcomes, including session hijacking, defacement, or redirection to malicious sites. Stored XSS is particularly dangerous as it embeds persistent scripts across site pages, posing a risk until rectified.

Site administrators should immediately restrict permissions, limiting the use of vulnerable blocks to trusted users only. It is crucial to regularly review and monitor user roles and capabilities to prevent excessive privileges. Additionally, consider implementing a web application firewall (WAF) to provide an extra layer of security against XSS attacks.