Logo Slider < 4.5.0 – Author+ Stored XSS | CVE 2024-10473 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.

Proof of Concept

1. Create a logo in the plugin menu 
2. Change "Brand Name" field to `123" autofocus onfocus=alert(/XSS/)//` 
3. Set any image as the Brand Logo and publish it
4. Create a new Logo Slider via the Shortcode Generator menu of the plugin
5. Add the shortcode to a post and publish it
6. View the post and move the mouse over the image in the slider to trigger the XSS

Affects Plugins

Fixed in 4.5.0

References

CVE

URL

https://research.cleantalk.org/cve-2024-10473/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

7512cbdf-cf27-4a1f-bac8-9fcb14bf463e

Timeline

Publicly Published

2024-11-07 (about 1 year ago)

Added

2024-11-07 (about 1 year ago)

Last Updated

2024-11-25 (about 1 year ago)

Other

Published

Title

Published

2025-07-16

Title

WP Delicious < 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-08-12

Title

Alpine PhotoTile for Pinterest <= 1.3.1 - Admin+ Stored Cross-Site Scripting

Published

2021-12-20

Title

Contest Gallery < 14.0.0 - Author+ Stored Cross-Site Scripting

Published

2023-02-08

Title

Weixin Robot Advanced <= 6.2.2.1 - Reflected XSS

Published

2024-05-21

Title

NextScripts: Social Networks Auto-Poster < 4.4.4 - Unauthenticated Stored Cross-Site Scripting via User Agent