3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting

Description

The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts.

Affects Plugins

3d-cover-carousel

No known fix - plugin closed

References

CVE

CVE-2021-38318

URL

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38318

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

p7e4

Verified

WPVDB ID

37e84bdd-6c93-4f62-b2a3-3cc39fe0d7e0

Timeline

Publicly Published

2021-09-08 (about 4 months ago)

Added

2021-09-09 (about 4 months ago)

Last Updated

2022-01-03 (about 18 days ago)

Our Other Services

WPScan WordPress Security Plugin