Slideshow CK < 1.4.10 – Admin+ Stored Cross-Site Scripting | CVE 2022-1335 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Proof of Concept

Create/edit a Slideshow, add a Slide and put the following payload in the Description <img src onerror=alert(/XSS/)>

The XSS will be triggered in page/post where the Slideshow is embed

Affects Plugins

Fixed in 1.4.10

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Fayçal CHENA

Submitter

Fayçal CHENA

Submitter website

https://fafachena.com/

Submitter twitter

Verified

Yes

WPVDB ID

cfc80857-8674-478f-9604-7a8849e5b85e

Timeline

Publicly Published

2022-05-18 (about 2 years ago)

Added

2022-05-18 (about 2 years ago)

Last Updated

2023-02-09 (about 1 years ago)

Other

Published

Title

Published

2014-04-25

Title

Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS

Published

2024-04-19

Title

Happy Addons for Elementor < 3.10.5 - Contributor+ Stored XSS

Published

2024-02-07

Title

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Published

2019-10-16

Title

Events Manager < 5.9.6 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2023-12-23

Title

Colibri Page Builder < 1.0.240 - Contributor+ Stored XSS