WordPress Plugin Vulnerabilities

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Proof of Concept

Create/edit a Carousel, add a Slide and put the following payload in the Description <img src onerror=alert(/XSS/)>

The XSS will be triggered in page/post where the Carousel is embed

Affects Plugins

Plugin icon
carousel-ck
No known fix

References

CVE
CVE-2022-1336

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Fayçal CHENA
Submitter
Fayçal CHENA
Submitter website
https://fafachena.com/
Submitter twitter
faycal_chena
Verified
Yes
WPVDB ID
39e127f1-c36e-4699-892f-3755ee17bab6

Timeline

Publicly Published
2022-05-18 (about 2 years ago)
Added
2022-05-18 (about 2 years ago)
Last Updated
2023-02-09 (about 1 years ago)

Other

Published
Title
Published
2021-02-08
Title
Extra Charges To Payment Gateway For WooCommerce <= 2.0.2.1 - Unauthorised Arbitrary Plugin Settings Change to Stored XSS
Published
2017-03-01
Title
Gwolle Guestbook <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2017-03-01
Title
Admin Custom Login < 2.4.8 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2023-11-07
Title
WP Crowdfunding < 2.1.7 - Reflected XSS
Published
2021-05-07
Title
Autoptimize < 2.8.4 - Authenticated Stored Cross-Site Scripting (XSS)