Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitApple502jWPEX-ID:5D70818E-730D-40C9-A2DB-652052A5FD5C
HistoryOct 19, 2021 - 12:00 a.m.

Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting

2021-10-1900:00:00
apple502j
363
stored cross site scripting
author+
logo showcase
slick slider
http request
owasp zap
burp
shortcode

EPSS

0.001

Percentile

24.8%

JSON

The plugin does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.

1) Create a Logo Showcase
2) Set display type to Logo Grid
3) Set number of grid to 1" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)//
NOTE: the 1 is important to avoid zero division error.
NOTE: there are Javascript protections which can be mitigated by intercepting the HTTP request in a tool like OWASP ZAP or Burp.
4) Add the showcase to a post using shortcode

Related

nvd 1
prion 1
cvelist 1
wpvulndb 1
patchstack 1
cve 1
nvd
nvd
CVE-2021-24729
2021-11-23 20:15:09
prion
prion
Cross site scripting
2021-11-23 20:15:00
cvelist
cvelist
CVE-2021-24729 Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
2021-11-23 19:16:10
wpvulndb
wpvulndb
Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
2021-10-19 00:00:00
patchstack
patchstack
WordPress Logo Showcase with Slick Slider plugin <= 1.2.3 - Stored Cross-Site Scripting (XSS) vulnerability
2021-10-19 00:00:00
cve
cve
CVE-2021-24729
2021-11-23 20:15:09

EPSS

0.001

Percentile

24.8%

JSON
Related for WPEX-ID:5D70818E-730D-40C9-A2DB-652052A5FD5C
nvd1prion1cvelist1wpvulndb1patchstack1cve1