Serious Slider < 1.2.7 – Contributor+ Stored XSS via Shortcode | CVE 2024-11108 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Add the shortcode to a page/post:

`[serious-slider id='330" onmouseover="alert(112);"']`

Move your mouse over the slider to see the XSS alert.

Note: The ID needs to be a valid slider. A contributor user can obtain one by looking at an existing page with a slider.

Affects Plugins

cryout-serious-slider

Fixed in 1.2.7

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

7790af9d-621b-474c-b28c-c774e2a292bb

Timeline

Publicly Published

2024-11-29 (about 1 year ago)

Added

2024-11-29 (about 1 year ago)

Last Updated

2024-11-29 (about 1 year ago)

Other

Published

Title

Published

2021-09-27

Title

WP Visited Countries Reloaded < 3.1.1 - Reflected Cross-Site Scripting

Published

2024-06-06

Title

Heateor Social Login WordPress < 1.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-04-10

Title

Spark GF Failed Submissions < 1.3.6 - Reflected Cross-Site Scripting

Published

2024-01-10

Title

Constant Contact Forms by MailMunch < 2.1.0 - Contributor+ Stored XSS

Published

2024-12-17

Title

Video Share VOD – Turnkey Video Site Builder Script < 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting