logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting

Description

The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.

Proof of Concept

1) Create a Logo Showcase
2) Set display type to Logo Grid
3) Set number of grid to 1" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)//
NOTE: the 1 is important to avoid zero division error.
NOTE: there are Javascript protections which can be mitigated by intercepting the HTTP request in a tool like OWASP ZAP or Burp.
4) Add the showcase to a post using shortcode

Affects Plugins

logo-showcase-with-slick-slider

Fixed in version 1.2.4

References

CVE

CVE-2021-24729

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

5d70818e-730d-40c9-a2db-652052a5fd5c

Timeline

Publicly Published

2021-10-19 (about 3 months ago)

Added

2021-10-19 (about 3 months ago)

Last Updated

2021-10-19 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin