Logo Slider < 4.0.0 – Contributor+ Stored XSS | CVE 2024-3288 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

1. Using a contributor account, add a Logo Slider using the Shortcode Generator menu of the plugin.
2. In the Header tab, use this as title and subtitle: " style=animation-name:rotation onanimationstart=alert(/XSS/)//
3. Submit the Slider for review/save it, the XSS will be triggered when any user will edit the slider again

Affects Plugins

Fixed in 4.0.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Krugov Artyom

Submitter

Krugov Aryom

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

4ef99f54-68df-4353-8fc0-9b09ac0df7ba

Timeline

Publicly Published

2024-05-17 (about 1 months ago)

Added

2024-05-17 (about 1 months ago)

Last Updated

2024-05-17 (about 1 months ago)

Other

Published

Title

Published

2015-09-01

Title

sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)

Published

2023-02-15

Title

Inline Tweet Sharer < 2.6 - Admin+ Stored XSS

Published

2021-08-16

Title

WP Courses LMS < 2.0.44 - Reflected Cross-Site Scripting

Published

2024-03-15

Title

WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2015-04-21

Title

Shortcode Factory < 1.1.1 - XSS