WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact
WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.

Proof of Concept

Goto Dashboard -> New Project and enter a JavaScript payload within the Name field (projectName parameter), such as <script>alert(/XSS/)</script> 

Affects Plugins

smart-slider-3
Fixed in version 3.5.0.9
nextend-smart-slider3-pro
Fixed in version 3.5.0.9

References

CVE
CVE-2021-24382
URL
https://smartslider.helpscoutdocs.com/article/1746-changelog
URL
https://packetstormsecurity.com/files/162991/
ExploitDB
49958

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Hardik Solanki, blackangel

Verified

Yes

WPVDB ID
7b32a282-e51f-4ee5-b59f-5ba10e62a54d

Timeline

Publicly Published

2021-06-07 (about 1 years ago)

Added

2021-06-10 (about 1 years ago)

Last Updated

2022-01-17 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin
WPScan

Vulnerabilities

WordPressPluginsThemesOur StatsSubmit vulnerabilities

About

How it worksPricingWordPress pluginNewsContact

For Developers

StatusAPI detailsCLI scanner

Other

PrivacyTerms of serviceSubmission termsDisclosure policyPrivacy Notice for California Users
jetpackIn partnership with Jetpack
githubtwitterfacebook
Angithubendeavor
Work With Us