WordPress Plugin Vulnerabilities
Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
Description
The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.
Proof of Concept
1) Create a Logo Showcase 2) Set display type to Logo Grid 3) Set number of grid to 1" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)// NOTE: the 1 is important to avoid zero division error. NOTE: there are Javascript protections which can be mitigated by intercepting the HTTP request in a tool like OWASP ZAP or Burp. 4) Add the showcase to a post using shortcode
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-19 (about 2 years ago)
Added
2021-10-19 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)