Logo Slider < 4.5.0 – Contributor+ Stored XSS | CVE 2024-10896 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

Proof of Concept

Fixed in 4.1.0
1. Create a logo in the plugin menu 
2. Change "Brand Name" field to `123" autofocus onfocus=alert(/XSS/)//` 
3. Publish/submit for review
4. The XSS will be triggered when any user will edit the logo again

Fixed in 4.5.0
1. Create a new Logo Slider (via the Shortcode Generator menu of the plugin)
2. Put the following payload in the "Logo Image Height" or "Logo Image Width" fields: 123" autofocus onfocus=alert(/XSS/)// 
3. Save/Submit for review.
4. The XSS will be triggered when a user will edit the Slider again

Affects Plugins

Fixed in 4.5.0

References

CVE

URL

https://research.cleantalk.org/cve-2024-10896/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

1304c2b6-922d-455e-bae8-d6bf855eddd9

Timeline

Publicly Published

2024-11-07 (about 1 year ago)

Added

2024-11-07 (about 1 year ago)

Last Updated

2024-11-07 (about 1 year ago)

Other

Published

Title

Published

2023-02-24

Title

Chat Bee <= 1.1.0 - Admin+ Stored XSS

Published

2024-03-25

Title

SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting

Published

2023-11-15

Title

Add Widgets to Page <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-08-12

Title

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter

Published

2025-04-01

Title

HTML Forms < 1.5.2 - Unauthenticated Stored Cross-Site Scripting