WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)

vendor:

Smart Slider 3

by:

Hardik Solanki

8.8

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Smart Slider 3

Affected Version From: 3.5.0.8

Affected Version To: 3.5.0.8

Patch Exists: YES

Related CWE: N/A

CPE: a:smart_slider_3:smart_slider_3

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows

2021

WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)

A stored cross-site scripting (XSS) vulnerability exists in the WordPress Plugin Smart Slider-3 3.5.0.8. An attacker can exploit this vulnerability by entering a malicious JavaScript payload into the 'Name' field when creating a new project. This will cause the malicious JavaScript payload to be stored and executed when the project is viewed. This can lead to the theft of cookies, user redirection to a malicious website, and malicious code execution.

Mitigation:

Update to the latest version of the plugin.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
# Exploit Author: Hardik Solanki
# Date: 05/06/2021
# Software Link: https://wordpress.org/plugins/smart-slider-3/
# Version: 3.5.0.8
# Tested on Windows

*How to reproduce vulnerability:*

1. Install WordPress 5.7.2
2. Install and activate the "*Smart Slider 3" Version 3.5.0.8* plugin
3. Navigate to "*Dashboard* and create a "*New Project*".
4. Enter the JavaScript payload "*<script>alert(document.cookie)</script>*" into the "*Name*" field.
5. You will observe that the Project has been created with malicious
JavaScript payload "<script>alert(document.cookie)</script>" and hence
project has been* created/stored* and thus JavaScript payload is executing
successfully.

*XSS IMPACT:*
1: Steal the cookie
2: User redirection to a malicious website