WordPress Plugin Vulnerabilities

MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)

Description

Vishnupriya Ilango, from Fortinet's FortiGuard Lab, discovered a stored Cross-Site Scripting (XSS) vulnerability in Metaslider plugin (v3.17.1), which exists in Image caption or description parameter in the slide creation module.

Affects Plugins

Plugin icon
ml-slider
Fixed in 3.17.2

References

URL
https://www.fortiguard.com/zeroday/FG-VD-20-123

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Vishnupriya Ilango (Fortinet's FortiGuard Labs)
Verified
No
WPVDB ID
151ec256-7c21-40db-84cb-d8b68f5c4973

Timeline

Publicly Published
2020-09-17 (about 5 years ago)
Added
2020-09-17 (about 5 years ago)
Last Updated
2020-09-18 (about 5 years ago)

Other

Published
Title
Published
2023-10-17
Title
Fotomoto <= 1.2.8 - Reflected XSS
Published
2025-01-15
Title
UpdraftPlus - Backup/Restore < 1.25.1 - Reflected XSS
Published
2024-03-25
Title
Portfolio Gallery – Image Gallery Plugin < 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2014-08-01
Title
XSS in jobroller theme
Published
2024-06-22
Title
Shortcodes Ultimate Pro < 7.1.5 - Contributor+ Stored Cross-Site Scripting XSS