Logo Showcase with Slick Slider < 1.2.4 – Author+ Stored Cross Site Scripting | CVE 2021-24729 | Plugin Vulnerabilities

Description

The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.

Proof of Concept

1) Create a Logo Showcase
2) Set display type to Logo Grid
3) Set number of grid to 1" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)//
NOTE: the 1 is important to avoid zero division error.
NOTE: there are Javascript protections which can be mitigated by intercepting the HTTP request in a tool like OWASP ZAP or Burp.
4) Add the showcase to a post using shortcode

Affects Plugins

logo-showcase-with-slick-slider

Fixed in 1.2.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

5d70818e-730d-40c9-a2db-652052a5fd5c

Timeline

Publicly Published

2021-10-19 (about 2 years ago)

Added

2021-10-19 (about 2 years ago)

Last Updated

2022-04-09 (about 2 years ago)

Other

Published

Title

Published

2023-11-20

Title

wpForo Forum < 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2023-10-25

Title

Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting

Published

2017-10-08

Title

Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)

Published

2024-04-25

Title

Newsletter Popup <= 1.2 - Admin+ Stored XSS

Published

2014-08-01

Title

bp-gallery 1.2.5 - Cross Site Scripting