WP Responsive Testimonials Slider And Widget <= 1.5 – Contributor+ Stored XSS | CVE 2022-4750

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[testimonials_slider autoplay="1}); alert(1); jQuery('#xss').slick({xssVulnerable:'yes'"]

Affects Plugins

wp-responsive-testimonials-slider-and-widget

No known fix

References

CVE

CVE-2022-4750

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

LanaCodes

Verified

Yes

WPVDB ID

7bdc1324-8d08-4185-971f-8d49367702cf

Timeline

Publicly Published

2023-01-25 (about 1 years ago)

Added

2023-01-25 (about 1 years ago)

Last Updated

2023-01-25 (about 1 years ago)

Other

Published

Title

Published

2014-09-21

Title

WooCommerce < 2.2.3 - Reflected Cross-Site Scripting (XSS)

Published

2024-03-25

Title

Off-Canvas Sidebars & Menus (Slidebars) < 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-02-15

Title

Service Area Postcode Checker <= 2.0.8 - Admin+ Stored XSS

Published

2021-09-28

Title

Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting

Published

2023-12-05

Title

Bold Page Builder < 4.7.0 - Contributor+ Stored XSS