Logo Slider < 3.6.0 – Contributor+ Stored XSS in Shortcode | CVE 2022-4664

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

Note: First, you need to add a Logo Slider.

Exploit: [logo-slider border='yes' bordercolor='red" onmouseover="alert(1)"']

Affects Plugins

logo-slider-wp

Fixed in 3.6.0

References

CVE

CVE-2022-4664

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

LanaCodes

Verified

Yes

WPVDB ID

d6a9cfaa-d3fa-442e-a9a1-b06588723e39

Timeline

Publicly Published

2022-12-16 (about 1 years ago)

Added

2023-01-10 (about 1 years ago)

Last Updated

2023-01-10 (about 1 years ago)

Other

Published

Title

Published

2023-05-16

Title

File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode

Published

2024-05-01

Title

IDonate <= 1.9.0 - Admin+ Stored XSS

Published

2021-10-29

Title

NextScripts: Social Networks Auto-Poster < 4.3.21 - Reflected Cross-Site Scripting

Published

2023-04-12

Title

hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting

Published

2023-11-07

Title

Under Construction / Maintenance Mode from Acurax <= 2.6 - Unauthenticated Stored XSS