Smart Slider 3 < 3.5.1.14 – Contributor+ Stored XSS | CVE 2023-0660

Description

The plugin does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[smartslider3 slider="'-alert(/XSS/)-'a" slide="1"]
[smartslider3 slider="'\x5d=1;alert(/XSS/)//" slide="1"]

Affects Plugins

smart-slider-3

Fixed in 3.5.1.14

References

CVE

CVE-2023-0660

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter website

https://wpscan.com

Verified

Yes

WPVDB ID

3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce

Timeline

Publicly Published

2023-02-28 (about 2 years ago)

Added

2023-02-28 (about 2 years ago)

Last Updated

2023-02-28 (about 2 years ago)

Other

Published

Title

Published

2024-12-19

Title

Embed PDF Viewer < 2.4.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2024-05-02

Title

Pet Manager <= 1.4 - Contributor+ Stored XSS

Published

2024-11-18

Title

LeadBoxer < 1.4 - Reflected XSS

Published

2025-02-24

Title

Profile Widget Ninja <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-03-12

Title

ProfilePress < 4.15.3 - Contributor+ Stored Cross-Site Scripting