WordPress Plugin Vulnerabilities

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.

Proof of Concept

Goto Dashboard -> New Project and enter a JavaScript payload within the Name field (projectName parameter), such as <script>alert(/XSS/)</script>

Affects Plugins

smart-slider-3

Fixed in version 3.5.0.9

nextend-smart-slider3-pro

Fixed in version 3.5.0.9

References

CVE

CVE-2021-24382

URL

https://smartslider.helpscoutdocs.com/article/1746-changelog

URL

https://packetstormsecurity.com/files/162991/

ExploitDB

49958

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Hardik Solanki, blackangel

Verified

Yes

WPVDB ID

7b32a282-e51f-4ee5-b59f-5ba10e62a54d

Timeline

Publicly Published

2021-06-07 (about 1 years ago)

Added

2021-06-10 (about 1 years ago)

Last Updated

2022-01-17 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin