WordPress Logo Slider CVE-2024-10473 Stored XSS Vulnerability Analysis

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Plugin Name: Logo Slider < 4.5.0 2. Vulnerability Type: Author+ Stored XSS 3. Description: The plugin does not properly sanitize and escape output when rendering Logo settings, allowing users with author privileges to execute cross-site scripting attacks. 4. Proof of Concept: - Create a new Logo. - Change the “Brand Name” field to “123” and set it to autofocus. - Set any image as the brand logo and publish. - Create a new Logo Slider. - Add the shortcode to a post and publish. - View the post in the slider and move the mouse to trigger the XSS. 5. Affected Plugin: logo-slider-wp 6. Fix Status: Fixed in version 4.5.0. 7. References: - CVE ID: CVE-2024-10473 - URL: https://research.cleantalk.org/cve-2024-10473/ 8. Classification: - Type: XSS - OWASP Top 10: A7: Cross-Site Scripting (XSS) - CWE ID: CWE-79 - CVSS Score: 4.8 (Medium) 9. Additional Information: - Original Researcher: Dmitrii Ignatyev - Submitter: Dmitrii Ignatyev - Submitter Website: https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/ - Verification Status: Yes - WPVDB ID: 7512cbdf-cf27-4a1f-bac8-9fcb14bf463e 10. Timeline: - Public Release Date: 2024-11-07 (approximately 22 days ago) - Added Date: 2024-11-07 (approximately 22 days ago) - Last Updated Date: 2024-11-25 (approximately 3 days ago) This information provides detailed insights into the vulnerability, including its description, impact scope, fix status, references, classification, and timeline.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Logo Slider CVE-2024-10473 Stored XSS Vulnerability Analysis

More from this source