WordPress Plugin Vulnerabilities

Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.

Proof of Concept

Goto Dashboard -> New Project and enter a JavaScript payload within the Name field (projectName parameter), such as <script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
smart-slider-3
Fixed in 3.5.0.9
Plugin icon
nextend-smart-slider3-pro
Fixed in 3.5.0.9

References

CVE
CVE-2021-24382
Exploitdb
49958
URL
https://packetstormsecurity.com/files/#162991/
URL
https://smartslider.helpscoutdocs.com/article/1746-changelog

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Hardik Solanki, blackangel
Verified
Yes
WPVDB ID
7b32a282-e51f-4ee5-b59f-5ba10e62a54d

Timeline

Publicly Published
2021-06-07 (about 2 years ago)
Added
2021-06-10 (about 2 years ago)
Last Updated
2022-01-17 (about 1 years ago)

Other

Published
Title
Published
2022-06-27
Title
W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting
Published
2015-12-09
Title
WP Easy Poll <= 1.1.3 - Cross-Site Scripting (XSS) & CSRF
Published
2023-07-07
Title
oAuth Twitter Feed for Developers <= 2.3.0 - Admin+ Stored XSS
Published
2017-10-08
Title
Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting (XSS)
Published
2016-08-04
Title
FormBuilder <= 1.05 - Authenticated Reflected Cross-Site Scripting (XSS)