Testimonial Slider < 2.3.8 – Admin+ Stored XSS | CVE 2024-1746 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to "Testimonial > Shortcode" 
2. Add a shortcode and go to "Styling" and in the "Parent Class" field add the payload `(123" asd='' onmouseover="alert(1)"')`
3. Save the settings
4. Add the shortcode to a new post/page and publish or preview to see the XSS

Affects Plugins

testimonial-slider-and-showcase

Fixed in 2.3.8

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

5f35572a-4129-4fe0-a465-d25f4c3b4419

Timeline

Publicly Published

2024-03-25 (about 1 months ago)

Added

2024-03-25 (about 1 months ago)

Last Updated

2024-03-25 (about 1 months ago)

Other

Published

Title

Published

2021-08-09

Title

SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting

Published

2023-02-15

Title

vSlider Multi Image Slider for WordPress <= 4.1.2 - Contributor+ Stored XSS

Published

2019-05-14

Title

Register IPs <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2023-11-07

Title

Pinyin Slugs < 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2023-03-27

Title

Contest Gallery < 21.1.2.1 - Reflected XSS