CVE-2021-24544 – Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-24544

The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example. El plugin Responsive WordPress Slider de WordPress versiones hasta 2.2.0, no sanea y escapa de algunas de las opciones del Slider, permitiendo que se establezcan cargas útiles de tipo Cross-Site Scripting en ellas. Además, como por defecto cualquier usuario autenticado puede crear Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, esta configuración puede ser cambiada en los ajustes del plugin), esto permitiría a usuarios con un rol tan bajo como el de suscriptor, llevar a cabo ataques de tipo Cross-Site Scripting contra los administradores registrados visualizando la lista de los sliders y podría conllevar a una escalada de privilegios al crear una cuenta de administrador falsa, por ejemplo • https://wpscan.com/vulnerability/4a2dddfc-6ce2-4edd-aaaa-4c130a9356d0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •