WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting

Description

The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.

Proof of Concept

1) Create a Logo Showcase
2) Set display type to Logo Grid
3) Set number of grid to 1" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)//
NOTE: the 1 is important to avoid zero division error.
NOTE: there are Javascript protections which can be mitigated by intercepting the HTTP request in a tool like OWASP ZAP or Burp.
4) Add the showcase to a post using shortcode

Affects Plugins

logo-showcase-with-slick-slider
Fixed in version 2.0.3

References

CVE
CVE-2021-24729

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID
5d70818e-730d-40c9-a2db-652052a5fd5c

Timeline

Publicly Published

2021-10-19 (about 1 years ago)

Added

2021-10-19 (about 1 years ago)

Last Updated

2022-04-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin